Merge branch 'master' into next

This commit is contained in:
DavidXanatos 2022-04-30 20:31:53 +02:00
commit d2373bf738
203 changed files with 17935 additions and 13212 deletions

3
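--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+patreon: DavidXanatos
+custom: xanasoft.com/go.php?to=donate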


@ -1,17 +1,27 @@
name: Problem report
description: Please report your problem here to help us improve
labels: ["Confirmation pending"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this report!
To see if your problem has already been reported, you can use the search box on the Issues and Discussions tabs.
Also, you may find your answer in our documentation hosted on GitHub: https://sandboxie-plus.github.io/sandboxie-docs
- type: textarea
id: what-happened
attributes:
label: What happened?
description: A clear and concise description of what the problem is. You can add screenshots and provide links to help explain it.
placeholder: Tell us what you see! If you had a compatibility issue, you may want to include a download link to the incompatible software.
placeholder: Tell us what you see!
validations:
required: true
- type: input
id: download-link
attributes:
label: Download link
description: If you had a compatibility issue, you may want to include a download link to the incompatible software or type something like "Not relevant" or "Not available".
placeholder: https://
validations:
required: true
- type: textarea
@ -103,11 +113,13 @@ body:
- type: dropdown
id: sandboxed-or-not
attributes:
label: Is the sandboxed program also installed outside the sandbox?
label: Where is the program located?
description: Select "Not relevant" if you don't have any malfunctioning program to report.
options:
- "Yes, it is also installed outside the sandbox."
- "No, it is not installed in the real system."
- "The program is installed both inside and outside the sandbox."
- "The program is installed only outside the sandbox."
- "The program is installed only inside a sandbox (NOT in the real system anyway)."
- "I tried to install it only inside a sandbox, but I wasn't able to achieve it."
- "Not relevant to my request."
validations:
required: true
@ -173,13 +185,3 @@ body:
.....
render: shell
- type: input
id: sandboxie-plus-config
attributes:
label: Sandboxie-Plus.ini configuration (for Plus interface issues)
description: |
Sandboxie-Plus.ini is only needed if you have specific user interface issues with Sandboxie Plus
(this is usually located in `C:\Users\%Username%\AppData\Local\Sandboxie-Plus` or `C:\ProgramData\Sandboxie-Plus` for corporate users).
Please copy the content on https://gist.github.com and share the resulting link below.
placeholder: https://


@ -1,6 +1,6 @@
name: Feature request
description: Suggest a new idea for Sandboxie
labels: ["Feature request"]
body:
- type: textarea
id: describe-feature

10
.github/dependabot.yml vendored Normal file

@ -0,0 +1,10 @@
# Set update schedule for GitHub Actions
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
# Check for updates to GitHub Actions
interval: "weekly"
day: "tuesday"

BIN
.github/images/Icons8_logo.png vendored Normal file




BIN
.github/images/binja-love.png vendored Normal file




69
.github/stale.yml vendored Normal file

@ -0,0 +1,69 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 14
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels:
- more info needed
- answered?
- build issue
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- Feature request
- Low priority
- Regression
- Stalled work
- ToDo ASAP
- ToDo
- Work in progress
- Workaround
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking an issue as stale
staleLabel: stale
# Comment to post when marking as stale. Set to `false` to disable
markComment: >
As it has been 3 months since the last activity, we are automatically closing the issue in
14 days. This is often because the request was already solved in some way and it just wasn't
updated or it's no longer applicable. If that's not the case, please respond to help us
investigate on newer Sandboxie versions. Thank you for your contribution!
# Comment to post when removing the stale label.
# unmarkComment: >
# Your comment here.
# Comment to post when closing a stale Issue or Pull Request. Set to `false` to disable
closeComment: false
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 5
# Limit to only `issues` or `pulls`
only: issues
# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
# pulls:
# daysUntilStale: 30
# markComment: >
# This pull request has been automatically marked as stale because it has not had
# recent activity. It will be closed if no further activity occurs. Thank you
# for your contributions.
# issues:
# exemptLabels:
# - confirmed


@ -11,8 +11,8 @@ on:
# Triggers the workflow on push or pull request events but only for the master branch
#push:
# branches: [ master ]
#pull_request:
# branches: [ master ]
pull_request:
branches: [ master ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
@ -26,7 +26,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Check spelling errors
uses: codespell-project/actions-codespell@master
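Review bot: With the `pull_request` trigger now enabled in the `on:` block, this job executes the third-party `codespell-project/actions-codespell@master` step for every incoming pull request, and `master` is a mutable branch ref, so the code that runs on the runner can change without any commit to this repository; the checkout step in the same section is at least pinned to a tag (`actions/checkout@v3`). Pin the codespell action to a release tag or, better, a full commit SHA, e.g. `uses: codespell-project/actions-codespell@<release-tag-or-commit-sha>` (placeholder), which also lets the dependabot configuration added in this commit track it. The step that follows this line is outside the hunk.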


@ -24,7 +24,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.1
@ -43,7 +43,7 @@ jobs:
- name: Cache Qt
id: cache-qt
uses: actions/cache@v2
uses: actions/cache@v3.0.2
with:
path: ${{ runner.workspace }}\Qt
key: Qt-5.15.2-QtCache
@ -82,7 +82,7 @@ jobs:
run: Installer\merge_builds.cmd
- name: Upload Sandboxie 32
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x86
path: |
@ -90,7 +90,7 @@ jobs:
retention-days: 60
- name: Upload Sandboxie 64
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x64
path: |


@ -29,20 +29,164 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.0.11 / 5.55.11] - 2022-02-14
## [1.0.19 / 5.55.19] - 2022-04-21
### Added
- added optional tray notification when a box content gets auto deleted
- added FreeDownloadManager template
- added warnign when opening unsandboxed regedit [#1606](https://github.com/sandboxie-plus/Sandboxie/issues/1606)
### Changed
- the asynchroniouse box operations introduced in the last build are due to a pupular request now disabled by default
- moved sys tray options from general to shell integration tab
- added drag and drop support for groups [#1775](https://github.com/sandboxie-plus/Sandboxie/issues/1775)
- added Del key support to the box view for all entry types [#1779](https://github.com/sandboxie-plus/Sandboxie/issues/1779)
- added warning when trying to run explorer.exe in a box with COM open [#1716](https://github.com/sandboxie-plus/Sandboxie/issues/1716)
### Fixed
- fixed compatybility issue with SECUROM [#1597](https://github.com/sandboxie-plus/Sandboxie/issues/1597)
- fixed crash issue in the SandMan UI [#1772](https://github.com/sandboxie-plus/Sandboxie/issues/1772)
- fixed issue with some installers when EnableObjectFiltering is enabled [#1795](https://github.com/sandboxie-plus/Sandboxie/issues/1795)
- fixed to allow NtCreateSymbolicLinkObject to be used safely in the sandbox
- added workaround for a Vivaldi hooking issue [1783](https://github.com/sandboxie-plus/Sandboxie/issues/1783)
-- Note: this fix is provisional, therefore it can be disabled with UseVivaldiWorkaround=n
- fixed registry issue with snapshots [#1782](https://github.com/sandboxie-plus/Sandboxie/issues/1782)
- fixed issue with box grouping [#1778](https://github.com/sandboxie-plus/Sandboxie/issues/1778) [#1777](https://github.com/sandboxie-plus/Sandboxie/issues/1777) [#1776](https://github.com/sandboxie-plus/Sandboxie/issues/1776)
- fixed further issues with box grouping [#1698](https://github.com/sandboxie-plus/Sandboxie/issues/1698) [#1697](https://github.com/sandboxie-plus/Sandboxie/issues/1697)
- fixed issues with snapshot UI [#1696](https://github.com/sandboxie-plus/Sandboxie/issues/1696) [#1695](https://github.com/sandboxie-plus/Sandboxie/issues/1695)
- fixed issue with recovery dialog focus [#1374](https://github.com/sandboxie-plus/Sandboxie/issues/1374)
## [1.0.18 / 5.55.18] - 2022-04-13
### Added
- added minor browsers to the BlockSoftwareUpdaters template (by APMichael) [#1784](https://github.com/sandboxie-plus/Sandboxie/pull/1784)
### Changed
- failed memory read attempts to unboxed processes will no longer cause message 2111 by default
-- Note: the message can still be enabled in the settings with "NotifyProcessAccessDenied=y"
- reordered the BlockSoftwareUpdaters template (by APMichael) [#1785](https://github.com/sandboxie-plus/Sandboxie/pull/1785)
### Fixed
- fixed pipe impersonation in compartment mode
- fixed issue with box clean-up which was introduced in a recent build
- fixed missing trace log clean-up command [#1773](https://github.com/sandboxie-plus/Sandboxie/issues/1773)
- fixed inability to unpin programs that have been pinned to the run menu [#1694](https://github.com/sandboxie-plus/Sandboxie/issues/1694)
## [1.0.17 / 5.55.17] - 2022-04-02
### Added
- added checkbox for easy read access to memory of unsandboxed processes (old Sbie behaviour, not recommended)
### Changed
- improved OpenProcess/OpenThread logging
### Fixed
- fixed crash issue with the new monitor mode
- fixed issue with resource access entry parsing
## [1.0.16 / 5.55.16] - 2022-04-01
### Added
- FIXED SECURITY ISSUE: memory of unsandboxed processes can no longer be read, exceptions are possible
-- you can use ReadIpcPath=$:program.exe to allow read access to unsandboxed processes or processes in other boxes
- Added "Monitor Mode" to the resource access trace, similar to the old monitor view of SbieCtrl.exe
### Changed
- EnableObjectFiltering is now set enabled by default, and replaces Sbie's old process/thread handle filter
- the $: syntax now accepts a wildcard $:* no more specialized wildcards though
### Fixed
- fixed NtGetNextProcess being fully disabled instead of properly filtered
- fixed reworked image name resolution when creating new processes in a sandbox
- fixed regression with HideOtherBoxes=y [#1743](https://github.com/sandboxie-plus/Sandboxie/issues/1743) [#1666](https://github.com/sandboxie-plus/Sandboxie/issues/1666)
## [1.0.15 / 5.55.15] - 2022-03-24
### Fixed
- fixed memory corruption introduced in the last build causing Chrome to crash sometimes
- FIXED SECURITY ISSUE: NtCreateSymbolicLinkObject was not filtered (thanks Diversenok)
## [1.0.14 / 5.55.14] - 2022-03-23
### Added
- added notification to warn that the default update checker is lagging behind the newest release on GitHub, to ensure that only bug-free builds are offered as updates [#1682](https://github.com/sandboxie-plus/Sandboxie/issues/1682)
- added main browsers to BlockSoftwareUpdaters template (by Dyras) [#1630](https://github.com/sandboxie-plus/Sandboxie/pull/1630)
- added a warning when Sandboxie-Plus.ini is not writeable [#1681](https://github.com/sandboxie-plus/Sandboxie/issues/1681)
- added clean-up for critical sections (by chunyou128) [#1686](https://github.com/sandboxie-plus/Sandboxie/pull/1686)
### Changed
- improved command line handling for breakout processes [#1655](https://github.com/sandboxie-plus/Sandboxie/issues/1655)
- disabled SBIE2193 notification (by isaak654) [#1690](https://github.com/sandboxie-plus/Sandboxie/pull/1690)
- improved error message 6004 [#1719](https://github.com/sandboxie-plus/Sandboxie/issues/1719)
### Fixed
- fixed dark mode issue with the new tray list
- fixed not showing a warning when Sandboxie-Plus.ini is not writeable [#1681](https://github.com/sandboxie-plus/Sandboxie/issues/1681)
- fixed issue with software compatibility checkbox (thanks MitchCapper) [#1678](https://github.com/sandboxie-plus/Sandboxie/issues/1678)
- fixed issue with events on box closure not always being executed [#1658](https://github.com/sandboxie-plus/Sandboxie/issues/1658)
- fixed memory leaks in key_merge.c
- fixed issue enumerating registry keys in privacy mode
- fixed settings issue introduced in 1.0.13 [#1684](https://github.com/sandboxie-plus/Sandboxie/issues/1684)
- fixed crash issue when parsing firewall port options
- FIXED SECURITY ISSUE: in certain cases a sandboxed process could obtain a handle on an unsandboxed thread with write privileges [#1714](https://github.com/sandboxie-plus/Sandboxie/issues/1714)
## [1.0.13 / 5.55.13] - 2022-03-08
### Fixed
- FIXED SECURITY ISSUE: Hard link creation was not properly filtered (thanks Diversenok)
- fixed issue with checking the certificate entry.
## [1.0.12 / 5.55.12] - 2022-03-02
### Added
- added mini dump creation to SandMan.exe in case it crashes
### Changed
- disabled Chrome and Firefox phishing entries in new sandboxes (by isaak654) [#1616](https://github.com/sandboxie-plus/Sandboxie/pull/1616)
- updated Mozilla paths for the BlockSoftwareUpdaters template (by isaak654) [#1623](https://github.com/sandboxie-plus/Sandboxie/pull/1623)
- renamed "Pause Forced Programs Rules" command to "Pause Forcing Programs" (Plus only)
- reworked tray icon generation now using overlays, added busy overlay
### Fixed
- fixed issue with accessing network drives in privacy mode [#1617](https://github.com/sandboxie-plus/Sandboxie/issues/1617)
- fixed issue with ping in compartment mode [#1608](https://github.com/sandboxie-plus/Sandboxie/issues/1608)
- fixed SandMan UI freezing when a lot of processes are created and closed in a box [#1607](https://github.com/sandboxie-plus/Sandboxie/issues/1607)
- fixed Editing existing 'Run Menu' Command Line entry not being recognized [#1648](https://github.com/sandboxie-plus/Sandboxie/issues/1648)
- fixed blue screen issue in driver (thanks Diversenok)
- fixed incompatibility with Windows 11 Insider Build 22563.1 [#1654](https://github.com/sandboxie-plus/Sandboxie/issues/1654)
## [1.0.11 / 5.55.11] - 2022-02-13
### Added
- added optional tray notification when box content gets auto-deleted
- added FreeDownloadManager template
- added warning when opening unsandboxed regedit [#1606](https://github.com/sandboxie-plus/Sandboxie/issues/1606)
- added languages files that were missing in official Qt 5.15.2 (by DevSplash) [#1605](https://github.com/sandboxie-plus/Sandboxie/pull/1605)
### Changed
- the asynchronous box operations introduced in the last build are now disabled by default
- moved sys tray options from general to shell integration tab
- removed "AlwaysUseWin32kHooks", now these win32 hooks are always enabled
-- Note: you can use "UseWin32kHooks=program.exe,n" to disable them for selected programs
- updated Listary template to v6 (by isaak654) [#1610](https://github.com/sandboxie-plus/Sandboxie/pull/1610)
### Fixed
- fixed compatibility issue with SECUROM [#1597](https://github.com/sandboxie-plus/Sandboxie/issues/1597)
- fixed modality issue [#1615](https://github.com/sandboxie-plus/Sandboxie/issues/1615)
- fixed special form of OpenWinClass in Templates.ini [d6d9588](https://github.com/sandboxie-plus/Sandboxie/commit/d6d95889a91d31dd55dd2b2d136d8f80c9a8ea71)
@ -52,18 +196,18 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added option to show only boxes in tray with running processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186)
-- additional option shows only pinned boxes, in box options a box can be set to be always shown in tray list (Pinned)
- added Options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589)
- added `Run Un-Sandboxed` context menu option
- added new trigger `OnBoxDelete` that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacement to `DeleteCommand` [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
- added "Run Un-Sandboxed" context menu option
- added new trigger "OnBoxDelete" that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacement to "DeleteCommand" [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
- selected box operations (deletion) no longer show the progress dialog [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
-- if a box with a running operation shows a blinking hour glass icon, the context menu can be used to cancel the operation
### Changed
- `HideHostProcess=program.exe` can now be used to hide sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336)
- "HideHostProcess=program.exe" can now be used to hide Sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336)
- updater blocking is now done using a template called BlockSoftwareUpdaters
- enhanced `StartProgram=...` makes `StartCommand=...` obsolete
-- for same functionality as `StartCommand=...`, use `StartProgram=%SbieHome%\Start.exe ...`
- merged `Auto Start` General tab with the `Auto Exec` Advanced tab into a universal `Triggers` Advanced tab
- enhanced "StartProgram=..." makes "StartCommand=..." obsolete
-- for same functionality as "StartCommand=...", use "StartProgram=%SbieHome%\Start.exe ..."
- merged "Auto Start" General tab with the "Auto Exec" Advanced tab into a universal "Triggers" Advanced tab
### Fixed
- fixed a couple issues with the new breakout process feature and improved security (thanks Diversenok)
@ -72,13 +216,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed issue about command line invocation handling [#1133](https://github.com/sandboxie-plus/Sandboxie/issues/1133)
- fixed UI issue with main window state when switching always on top attribute [#1169](https://github.com/sandboxie-plus/Sandboxie/issues/1169)
- fixed issue with box context menu in tray list [1106](https://github.com/sandboxie-plus/Sandboxie/issues/1106)
- fixed issue with `AutoExec=...`
- fixed issues where canceling box deletion operations didn't work [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
- fixed issue with DPI scalling and color picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803)
- fixed issue with "AutoExec=..."
- fixed issues where cancelling box deletion operations didn't work [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
- fixed issue with DPI scaling and colour picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803)
### Removed
- removed `UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y` used for Free Download Manager as it broke other things
-- only if you use Free Download Manager together with the setting `RpcMgmtSetComTimeout=n` in a sandbox, you have to add the line manually to your Sandboxie.ini
- removed "UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y" used for Free Download Manager as it broke other things
-- only if you use Free Download Manager together with the setting "RpcMgmtSetComTimeout=n" in a sandbox, you have to add the line manually to your Sandboxie.ini
@ -96,12 +240,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Changed
- reworked breakout mechanism to be service based and not allowing the parent process to access the broken out child process
- enabled creation of directory junctions for sandboxed processes [#1375](https://github.com/sandboxie-plus/Sandboxie/issues/1375)
- restored back AutoRecover=y on box creation [#1554](https://github.com/sandboxie-plus/Sandboxie/discussions/1554)
- restored back "AutoRecover=y" on box creation [#1554](https://github.com/sandboxie-plus/Sandboxie/discussions/1554)
- improved snapshot support [#1220](https://github.com/sandboxie-plus/Sandboxie/issues/1220)
- renamed "Disable Forced Programs" command to "Pause Forced Programs Rules" (Plus only)
### Fixed
- fixed BreakoutProcess not working with EnableObjectFiltering=y
- fixed BreakoutProcess not working with "EnableObjectFiltering=y"
- FIXED SECURITY ISSUE: when starting *COMSRV* unboxed, the returned process handle had full access
- fixed issue with progress dialog [#1562](https://github.com/sandboxie-plus/Sandboxie/issues/1562)
- fixed issue with handling directory junctions in Sandboxie [#1396](https://github.com/sandboxie-plus/Sandboxie/issues/1396)
@ -216,7 +360,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
-- it can be enabled per process or globally using "EnableMiniDump=process.exe,y" or "EnableMiniDump=y" respectively
-- the dump flags can be set as hex with "MiniDumpFlags=0xAABBCCDD"
-- a preselected flag set for a verbose dump can be set with "MiniDumpFlags=Extended"
-- Note: created dump files are located at: `C:\Sandbox\%SANDBOX%`
-- Note: created dump files are located at: `C:\Sandbox\%USER%\%SANDBOX%`
- added template support for Osiris and Slimjet browsers (by Dyras) [#1454](https://github.com/sandboxie-plus/Sandboxie/pull/1454)
### Changed
@ -328,12 +472,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added experimental use of ObRegisterCallbacks to filter object creation and duplication
-- this filtering is independent from the regular SbieDrv's syscall-based filtering, hence it also applies to App Compartments
-- with it enabled, an application running in a compartment will not be able to manipulate processes running outside the sandbox
-- Note: this feature improves the security of unisolated App Compartment boxes
-- Note: this feature improves the security of non-isolated App Compartment boxes
-- to enable this feature, set "EnableObjectFiltering=y" in the global section and reload the driver
-- when globally activated, the filtering can be disabled for individual boxes with "DisableObjectFilter=y"
- added "DontOpenForBoxed=n", this option disables the discrimination of boxed processes for open file and open key directives
-- this behaviour does not really improve security anyways, but may be annoying, also app compartments always disable this
-- this behaviour does not really improve security anyway, but may be annoying, also app compartments always disable this
- added setting to entirely open access to the COM infrastructure
@ -1616,9 +1760,9 @@ Fixed issue with Windows 7
## [0.2.2 / 5.41.2] - 2020-06-19
### Added
- added option SeparateUserFolders=n to no longer have the user profile files stored separately in the sandbox
- added SandboxieLogon=y it makes processes run under the SID of the "Sandboxie" user instead of the Anonymous user
-- Note: the global option AllowSandboxieLogon=y must be enabled, the "Sandboxie" user account must be manually created first and the driver reloaded, else process start will fail
- added option "SeparateUserFolders=n" to no longer have the user profile files stored separately in the sandbox
- added "SandboxieLogon=y" - it makes processes run under the SID of the "Sandboxie" user instead of the Anonymous user
-- Note: the global option "AllowSandboxieLogon=y" must be enabled, the "Sandboxie" user account must be manually created first and the driver reloaded, else process start will fail
- improved debugging around process creation errors in the driver
### Fixed


@ -315,7 +315,7 @@ ukrainian.SandboxedBrowser=Браузер у пісочниці
ukrainian.CustomPageLabel1=Оберіть тип встановки
ukrainian.CustomPageLabel2=Як потрібно встановити
ukrainian.CustomPageLabel3=Оберіть режим встановки
ukrainian.CustomPageInstallMode=Встановити {#MyAppName} на цьому комп'ютері
ukrainian.CustomPageInstallMode=Встановити {#MyAppName} на цьому пристрої
ukrainian.CustomPageUpgradeMode=Оновити існуючу встановку {#MyAppName}
ukrainian.CustomPagePortableMode=Витягти всі файли у каталог для портативного режиму
ukrainian.RequiresWin7OrLater=Для Sandboxie-Plus потрібно Windows 7 або новіше.


@ -75,9 +75,9 @@ ECHO Copying SandMan translations
mkdir %instPath%\translations\
rem copy /y %~dp0..\SandboxiePlus\SandMan\sandman_*.qm %instPath%\translations\
copy /y %~dp0..\SandboxiePlus\Build_SandMan_%archPath%\release\sandman_*.qm %instPath%\translations\
copy /y %qtPath%\translations\qt_*.qm %instPath%\translations\
copy /y %qtPath%\translations\qtbase_*.qm %instPath%\translations\
copy /y %qtPath%\translations\qtmultimedia_*.qm %instPath%\translations\
copy /y %~dp0\qttranslations\qm\qt_*.qm %instPath%\translations\
copy /y %~dp0\qttranslations\qm\qtbase_*.qm %instPath%\translations\
copy /y %~dp0\qttranslations\qm\qtmultimedia_*.qm %instPath%\translations\
copy /y %qtPath%\translations\qtscript_*.qm %instPath%\translations\
copy /y %qtPath%\translations\qtxmlpatterns_*.qm %instPath%\translations\
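Review bot: `%~dp0` already ends with a backslash, so the three new `copy` lines build paths of the form `...\\qttranslations\qm\`; Windows tolerates the doubled separator, but the sibling download script in this commit writes `%~dp0qttranslations\...`, and the same spelling here avoids the inconsistency: `copy /y %~dp0qttranslations\qm\qt_*.qm %instPath%\translations\` (and likewise for the qtbase and qtmultimedia lines). Worth recording in a `rem` above them that these .qm files now come from an archive downloaded at build time rather than from the installed Qt under `%qtPath%`, so the installer's content depends on that download being intact.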


@ -0,0 +1,8 @@
mkdir %~dp0qttranslations
mkdir %~dp0qttranslations\ts
mkdir %~dp0qttranslations\qm
set fileName=qttranslations-everywhere-src-6.2.3.zip
set downloadUrl=https://download.qt.io/archive/qt/6.2/6.2.3/submodules/%filename%
curl -L %downloadUrl% -o %~dp0qttranslations\%filename%
"C:\Program Files\7-Zip\7z.exe" e -i!*\translations\qt_*.ts -i!*\translations\qtbase_*.ts -i!*\translations\qtmultimedia_*.ts %~dp0qttranslations\%filename% -o%~dp0qttranslations\ts\
for %%a in (%~dp0qttranslations\ts\*.ts) do (lrelease.exe -silent %%a -qm %~dp0qttranslations\qm\%%~na.qm)
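Review bot: The archive fetched by `curl -L %downloadUrl% -o ...` on the sixth line is extracted and compiled into .qm files that ship in the installer without any integrity check, and none of curl, 7z or lrelease have their exit status checked, so a failed or tampered download silently yields a broken or attacker-controlled translation set. Since the URL is pinned to an exact release, its SHA-256 can be pinned too: compare the digest (e.g. via `certutil -hashfile`) with a checked-in constant and stop with `exit /b 1` before the 7z step on mismatch, and append `|| exit /b 1` to each step so the caller (`call %~dp0get_qttranslations.cmd` in the prepare script) aborts the build. A minor point: the variable is set as `fileName` but read as `%filename%`; cmd variable names are case-insensitive so this works, but one spelling avoids confusion.
```batch
set fileName=qttranslations-everywhere-src-6.2.3.zip
set downloadUrl=https://download.qt.io/archive/qt/6.2/6.2.3/submodules/%fileName%
rem pinned digest of the archive (placeholder: take it from a trusted Qt checksum source)
set expectedSha256=<SHA256_OF_qttranslations-everywhere-src-6.2.3.zip>
curl -L %downloadUrl% -o %~dp0qttranslations\%fileName% || exit /b 1
set actualSha256=
for /f "skip=1 delims=" %%h in ('certutil -hashfile %~dp0qttranslations\%fileName% SHA256') do if not defined actualSha256 set actualSha256=%%h
if /i not "%actualSha256%"=="%expectedSha256%" (
    echo get_qttranslations: checksum mismatch for %fileName%
    exit /b 1
)
"C:\Program Files\7-Zip\7z.exe" e -i!*\translations\qt_*.ts -i!*\translations\qtbase_*.ts -i!*\translations\qtmultimedia_*.ts %~dp0qttranslations\%fileName% -o%~dp0qttranslations\ts\ || exit /b 1
rem ... unchanged: lrelease loop over the extracted .ts files ...
```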


@ -2,6 +2,8 @@
call %~dp0get_openssl.cmd
call %~dp0get_qttranslations.cmd
call %~dp0copy_build.cmd x64
call %~dp0copy_build.cmd x86


@ -4,9 +4,11 @@
<img align="left" src="https://user-images.githubusercontent.com/12372772/123517080-8ab20a00-d69f-11eb-8e82-2e18cf6e0303.png">
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the windows registry. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.<br><br>
| System requirements | Release notes |
| :---: | :---: |
| Windows 7 or higher, 32-bit or 64-bit. | [CHANGELOG.md](https://github.com/sandboxie-plus/Sandboxie/blob/master/CHANGELOG.md)
| System requirements | Release notes | Security policy |
| :---: | :---: | :---: |
| Windows 7 or higher, 32-bit or 64-bit. | [CHANGELOG.md](https://github.com/sandboxie-plus/Sandboxie/blob/master/CHANGELOG.md) | [SECURITY.md](https://github.com/sandboxie-plus/Sandboxie/blob/master/SECURITY.md) |
We encourage the developers and security community to conduct research, report issues, and suggest improvements on this code base. However, please do **not** report security vulnerabilities in public GitHub comments. This repository has a SECURITY file with instructions on responsibly reporting security vulnerabilities.
## Download
[![GitHub All Releases](https://img.shields.io/github/downloads/sandboxie-plus/Sandboxie/total?style=for-the-badge)](https://github.com/sandboxie-plus/Sandboxie/releases/latest)
@ -47,6 +49,18 @@ Open Source release
2020 onwards David Xanatos
## Project support / sponsorship
[<img align="left" height="64" width="64" src="https://raw.githubusercontent.com/sandboxie-plus/Sandboxie/master/.github/images/binja-love.png">](https://binary.ninja/)
Thank you [Vector 35](https://vector35.com/) for providing a [Binary Ninja](https://binary.ninja/) license to help with reverse engineering.
<br>
Binary Ninja is a multi-platform interactive disassembler, decompiler, and binary analysis tool for reverse engineers, malware analysts, vulnerability researchers, and software developers.<br>
<br>
[<img align="left" height="64" width="64" src="https://raw.githubusercontent.com/sandboxie-plus/Sandboxie/master/.github/images/Icons8_logo.png">](https://icons8.de/)Thank you [Icons8](https://icons8.de/) for providing icons for the project.
<br>
<br>
<br>
## Helpful Contributors
- DavidBerdik - Maintainer of [Sandboxie Website Archive](https://github.com/Sandboxie-Website-Archive/sandboxie-website-archive.github.io)
- diversenok - Security analysis & PoC's
@ -62,6 +76,7 @@ Open Source release
- mpheath - Author of Plus installer / Code fixes
- yfdyh000 - Localization support for Plus installer
- NewKidOnTheBlock - Changelog fixes
- Naeemh1 - Documentation additions
## Translators
- yuhao2348732, nkh0472, yfdyh000, gexgd0419 - Chinese Simplified


@ -601,6 +601,9 @@ do_kill_all:
}
}
// cleanup CS
DeleteCriticalSection(&ProcessCritSec);
// this process is no longer needed
ExitProcess(0);
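Review bot: `DeleteCriticalSection(&ProcessCritSec)` is now called immediately before `ExitProcess(0)`, and DeleteCriticalSection requires that no thread owns or is waiting on the section; if any thread that takes ProcessCritSec can still be running at this point (the `do_kill_all` label suggests other work may be in flight — the enclosing function starts outside the hunk, so this is an inference), the delete races with that thread, while ExitProcess would reclaim the section anyway. Either confirm that every user of ProcessCritSec has finished before this line and say so in the `// cleanup CS` comment, or drop the call and document the reason, e.g. `// ProcessCritSec is not deleted here: other threads may still hold it and ExitProcess reclaims it`. The changelog entry for #1686 on this page describes the intent as critical-section clean-up, so the first option seems to be what was meant.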


@ -1529,8 +1529,8 @@ void CAppPage::UpdateTemplates3(CBox &box,
void CAppPage::SetDefaultTemplates6(CBox &box)
{
box.EnableTemplate(L"AutoRecoverIgnore", TRUE);
box.EnableTemplate(L"Firefox_Phishing_DirectAccess", TRUE);
box.EnableTemplate(L"Chrome_Phishing_DirectAccess", TRUE);
//box.EnableTemplate(L"Firefox_Phishing_DirectAccess", TRUE);
//box.EnableTemplate(L"Chrome_Phishing_DirectAccess", TRUE);
box.EnableTemplate(L"LingerPrograms", TRUE);
SetDefaultTemplates7(box);
}
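Review bot: The two `EnableTemplate` calls for `Firefox_Phishing_DirectAccess` and `Chrome_Phishing_DirectAccess` are left in `CAppPage::SetDefaultTemplates6` as commented-out code rather than removed, and nothing in the function records why the defaults for new boxes changed. Replace the two dead lines with a comment tying the decision to its rationale, e.g. `// The Firefox/Chrome phishing DirectAccess templates are deliberately not enabled for new boxes (see #1616 in CHANGELOG.md)`, so a future reader does not simply uncomment them.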


@ -219,9 +219,9 @@ _FX BIGNUM BigNum_ShiftRight(POOL *pool, BIGNUM BigNumA, ULONG Bits)
{
//
// shift an input bignum by the specified number of bits. calculate
// the number of words in the result as the number of signficant words
// the number of words in the result as the number of significant words
// in the input, minus the number of shift bits divided by the size of
// a bignum word. if the new length is zero or one words, then use a
// a bignum word. If the new length is zero or one words, then use a
// zero value or the value of the highest word, respectively, to create
// a single word bignum. otherwise right-shift each two consecutive
// words from the input bignum into a single word in the result bignum.
@ -292,12 +292,12 @@ _FX BIGNUM BigNum_ShiftLeft(
{
//
// shift an input bignum by the specified number of bits and 'or' the
// last parameter into the resulting low order word. if the number of
// signficant words in the input is zero, the create a single word
// bignum using the 'or' value. otherwise calculatevthe number of
// words in the result as the number of signficant words in the input,
// last parameter into the resulting low order word. If the number of
// significant words in the input is zero, the create a single word
// bignum using the 'or' value. Otherwise calculate the number of
// words in the result as the number of significant words in the input,
// plus the number of shift bits divided by the size of a bignum word.
// left-shift each two consecutive words from the input bignum into a
// Left-shift each two consecutive words from the input bignum into a
// single word in the result bignum.
//


@ -37,10 +37,10 @@ WCHAR* Ini_Prep_ConfigLine(WCHAR* iniDataPtr, WCHAR* &line, WCHAR* &end)
while (*line == L' ' || *line == L'\t' || *line == L'\r') line++;
// find the line ending
end = wcschr(line, L'\n');
// if there is no line ending its teh last line so fine the sring termiantor
// it is the last line if there is no line ending, so find the string terminator
if (end == NULL) iniDataPtr = end = wcschr(line, L'\0');
else iniDataPtr = end + 1;
// trim tailing whitespaces
// trim trailing whitespaces
while (end > line && (*(end-1) == L' ' || *(end-1) == L'\t' || *(end-1) == L'\r')) end--;
// return pointer to next line
return iniDataPtr;


@ -298,7 +298,7 @@ JSONValue *JSONValue::Parse(const wchar_t **data)
return NULL;
}
// Ran out of possibilites, it's bad!
// Ran out of possibilities, it's bad!
else
{
return NULL;


@ -96,7 +96,7 @@ void map_init(map_base_t* m, void* pool)
m->func_free = &map_free;
m->func_hash_key = &map_hash;
m->func_key_size = NULL; // use key by value not by reference
m->func_match_key = NULL; // use memcmp by defualt
m->func_match_key = NULL; // use memcmp by default
}


@ -30,7 +30,7 @@ typedef long NTSTATUS;
// As more recent versions of ntdll.lib are not offering many CRT functions we have to create own libs.
// See NtCRT_x64.def and NtCRT_x86.def respectively for the functions, we use a custom build step
// "lib /def:%(FullPath) /out:$(SolutionDir)Bin\$(PlatformName)\$(Configuration)\NtCRT.lib /machine:x64"
// on the apropriate def file, for x86 we use the switch /machine:x86 instead.
// on the appropriate def file, for x86 we use the switch /machine:x86 instead.
//
// For the x86 build we also need _except_handler3 which we have recreated in except_handler3.asm
//


@ -30,12 +30,12 @@ enum {
ASSOCF_OPEN_BYEXENAME = 0x00000002, // executable is being passed in
ASSOCF_INIT_DEFAULTTOSTAR = 0x00000004, // treat "*" as the BaseClass
ASSOCF_INIT_DEFAULTTOFOLDER = 0x00000008, // treat "Folder" as the BaseClass
ASSOCF_NOUSERSETTINGS = 0x00000010, // dont use HKCU
ASSOCF_NOTRUNCATE = 0x00000020, // dont truncate the return string
ASSOCF_NOUSERSETTINGS = 0x00000010, // don't use HKCU
ASSOCF_NOTRUNCATE = 0x00000020, // don't truncate the return string
ASSOCF_VERIFY = 0x00000040, // verify data is accurate (DISK HITS)
ASSOCF_REMAPRUNDLL = 0x00000080, // actually gets info about rundlls target if applicable
ASSOCF_NOFIXUPS = 0x00000100, // attempt to fix errors if found
ASSOCF_IGNOREBASECLASS = 0x00000200, // dont recurse into the baseclass
ASSOCF_IGNOREBASECLASS = 0x00000200, // don't recurse into the baseclass
};
typedef DWORD ASSOCF;


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2021 David Xanatos, xanasoft.com
* Copyright 2020-2022 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -23,7 +23,7 @@
#define MY_VERSION_BINARY 5,56,0
#define MY_VERSION_STRING "5.56.0"
#define MY_VERSION_COMPAT "5.55.0" // this refers to the driver ABI compatibility
#define MY_VERSION_COMPAT "5.56.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler or NSIS installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"
@ -32,8 +32,8 @@
#define MY_PRODUCT_NAME_STRING "Sandboxie"
#define MY_COMPANY_NAME_STRING "Sandboxie-Plus.com"
#define MY_COPYRIGHT_STRING "Copyright © 2020-2022 by David Xanatos (xanasoft.com)"
#define MY_COPYRIGHT_STRING_OLD "Copyright © 2004-2020 by Sandboxie Holdings, LLC"
#define MY_COPYRIGHT_STRING "Copyright © 2020-2022 by David Xanatos (xanasoft.com)"
#define MY_COPYRIGHT_STRING_OLD "Copyright © 2004-2020 by Sandboxie Holdings, LLC"
#define SANDBOXIE L"Sandboxie"
#define SBIE L"SBIE"


@ -136,7 +136,7 @@ BOOLEAN NetFw_MergePortMaps(rbtree_t* dst, rbtree_t* src, POOL* pool)
{
//
// search for overlaps, and if found abort
// we merge only non overlaping ranges as single entries vs ranges have a different priority
// we merge only non overlapping ranges as single entries vs ranges have a different priority
//
for (NETFW_PORTS* src_node = (NETFW_PORTS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_PORTS*)rbtree_next((rbnode_t*)src_node)) {
@ -224,7 +224,7 @@ BOOLEAN NetFw_MergeIPMaps(rbtree_t* dst, rbtree_t* src, POOL* pool)
{
//
// search for overlaps, and if found abort
// we merge only non overlaping ranges as single entries vs ranges have a different priority
// we merge only non overlapping ranges as single entries vs ranges have a different priority
//
for (NETFW_IPS* src_node = (NETFW_IPS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_IPS*)rbtree_next((rbnode_t*)src_node)) {
@ -302,7 +302,7 @@ void NetFw_AddRule(LIST* list, NETFW_RULE* new_rule)
goto next; // must be same protocol
//
// seams we might be able to marge these rules
// it seems we might be able to merge these rules
// now we check the convoluted case when rules havs ip's and port's set
//
@ -480,7 +480,7 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* found_value)
if (port_str2) {
port_len1 = (ULONG)(port_str2 - port_str1);
port_str2++; // skip dash
ULONG port_len2 = (ULONG)(port_end - port_str2);
ULONG port_len2 = (ULONG)(port_value - port_str2);
USHORT Port1 = (USHORT)_wntoi(port_str1, port_len1);
USHORT Port2 = (USHORT)_wntoi(port_str2, port_len2);
@ -506,7 +506,7 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* found_value)
if (ip_str2) {
ip_len1 = (ULONG)(ip_str2 - ip_str1);
ip_str2++; // skip dash
ULONG ip_len2 = (ULONG)(ip_end - ip_str2);
ULONG ip_len2 = (ULONG)(ip_value - ip_str2);
IP_ADDRESS ip1;
_inet_xton(ip_str1, ip_len1, &ip1);
@ -653,7 +653,7 @@ static int delimchar(int c)
int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network order !!!
{
int i, elipsis = 0;
int i, ellipsis = 0;
unsigned char *to;
unsigned long x;
const wchar_t *p, *op;
@ -691,9 +691,9 @@ int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network
to[i+1] = (unsigned char)x;
if(*p == L':'){
if(*++p == L':'){ /* :: is elided zero short(s) */
if (elipsis)
if (ellipsis)
return 0; /* second :: */
elipsis = i+2;
ellipsis = i+2;
p++;
}
} else if (p == op) /* strtoul made no progress? */
@ -702,8 +702,8 @@ int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network
if (p == src || !delimchar(*p))
return 0; /* parse error */
if(i < 16){
memmove(&to[elipsis+16-i], &to[elipsis], i-elipsis);
memset(&to[elipsis], 0, 16-i);
memmove(&to[ellipsis+16-i], &to[ellipsis], i-ellipsis);
memset(&to[ellipsis], 0, 16-i);
}
return 1;
}
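Review bot: The range parsing at `USHORT Port1 = (USHORT)_wntoi(port_str1, port_len1);` and the line below silently truncates out-of-range values (assuming `_wntoi` returns something wider than USHORT), so a malformed rule such as `Port=80-70000` is applied with a port the administrator never wrote instead of being rejected. Keeping the untruncated results and checking `if (v1 > 0xFFFF || v2 > 0xFFFF) return FALSE;` before the casts would make a bad firewall rule fail closed. The switch from `port_end` to `port_value` in `port_len2` (and `ip_end` to `ip_value` in the next hunk) only gives a sensible length if `port_value` has already been advanced past the current list element; since the loop head is outside the hunk, a one-line comment stating that invariant, e.g. `// port_value already points at the next list element`, would save the next reader the same question. NetFw_ParseRule starts and ends outside the hunk.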


@ -511,6 +511,22 @@ typedef NTSTATUS (*P_NtImpersonateThread)(
IN HANDLE ClientThreadHandle,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos);
typedef NTSTATUS (*P_NtCreateSymbolicLinkObject)(
PHANDLE SymbolicLinkHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
PUNICODE_STRING DestinationName);
typedef NTSTATUS (*P_NtOpenSymbolicLinkObject)(
OUT PHANDLE SymbolicLinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes);
typedef NTSTATUS (*P_NtQuerySymbolicLinkObject)(
IN HANDLE SymbolicLinkHandle,
IN OUT PUNICODE_STRING LinkTarget,
OUT PULONG ReturnedLength);
typedef NTSTATUS (*P_NtLoadDriver)(
IN PUNICODE_STRING RegistryPath);


@ -933,7 +933,7 @@ ALIGNED void Pool_Free_Cells(void *ptr, ULONG size)
POOL_LOCK(pages_lock);
// if after de-allocation, a full page crosses threshold in reverse,
// we move it to the list of usuable pages
// we move it to the list of usable pages
if (page->num_free < FULL_PAGE_THRESHOLD &&
page->num_free + size >= FULL_PAGE_THRESHOLD) {


@ -68,7 +68,7 @@ static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node);
static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent);
/*
* Intializes a new red black tree.
* Initializes a new red black tree.
*
*/
void


@ -391,9 +391,9 @@ ULONG Read_BOM(UCHAR** data, ULONG* len)
else
{
// If there is no BOM/Signature try to detect the file type
// Unicode Litle Endian (windows wchar_t) will have the n*2+1 bytes 0 as long, as no higher unicode chrakters are used
// Unicode Little Endian (windows wchar_t) will have the n*2+1 bytes 0 as long, as no higher unicode characters are used
BOOLEAN LooksUnicodeLE = TRUE;
// similrly Unicode Big Endian (byte swaped) will have the n*2 bytes 0 as long
// similrly Unicode Big Endian (byte swapped) will have the n*2 bytes 0 as long
BOOLEAN LooksUnicodeBE = TRUE;
// UTF-8 shouldn't have null bytes
for (ULONG pos = 0; (pos + 1) < min(*len, 16); pos += 2) // check first 8 char16's
@ -457,7 +457,7 @@ NTSTATUS Stream_Read_Wchar(
IN STREAM* stream,
OUT USHORT* v)
{
if (stream->encoding == 0) // Unicode Litle Endian
if (stream->encoding == 0) // Unicode Little Endian
{
UCHAR* b = (UCHAR*)v;
STREAM_GET_BYTE(b[0]);


@ -182,7 +182,7 @@ _FX MSG_HEADER *SbieDll_CallServer(MSG_HEADER *req)
//default: Sbie_snwprintf(dbg, 1024, L"SbieDll_CallServer: %s 0x%04x", Dll_ImageName, req->msgid);
default: Sbie_snwprintf(dbg, 1024, L"SbieDll_CallServer: %s %s", Dll_ImageName, Trace_SbieSvcFunc2Str(req->msgid));
}
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, dbg, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, dbg);
}
//


@ -561,7 +561,7 @@ _FX BOOLEAN Com_IsClosedClsid(REFCLSID rclsid)
//
// initialize list of user-configured CLSID blocks
// Note: the service threads everythign not explicitly open as closed anyways
// Note: the service threads everything not explicitly open as closed anyways
//
static const WCHAR* setting = L"ClosedClsid";
@ -1441,7 +1441,7 @@ _FX BOOLEAN Com_Init_Ole32(HMODULE module)
//
// on Windows 8, core COM functions are in combase.dll which is
// initialized separately. on earlier versions of Windows, the
// core COM fuctions are part of ole32.dll
// core COM functions are part of ole32.dll
//
if (! Com_Init_ComBase(module))
@ -3403,7 +3403,7 @@ _FX void Com_Trace2(
//ptr[1] = L'\0';
//OutputDebugString(text);
*ptr = L'\0';
SbieApi_MonitorPut(MONITOR_COMCLASS | monflag, text);
SbieApi_MonitorPut2(MONITOR_COMCLASS | monflag, text, FALSE);
Com_Free(text);
}
@ -3420,7 +3420,7 @@ _FX void Com_Monitor(REFCLSID rclsid, ULONG monflag)
WCHAR text[160];
Com_Trace_Guid(text, rclsid, L"CLSID");
SbieApi_MonitorPut(MONITOR_COMCLASS | monflag, text);
SbieApi_MonitorPut2(MONITOR_COMCLASS | monflag, text, FALSE);
}
}
@ -3506,7 +3506,7 @@ _FX void Com_LoadRTList(const WCHAR* setting, WCHAR** pNames)
_FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
{
//
// Even in compartment mode thes things don't work only incombination with open COM its functional
// Even in compartment mode, these things are functional only in combination with open COM
//
if (!(Ipc_OpenCOM && Dll_CompartmentMode) && !SbieApi_QueryConfBool(NULL, L"DisableRTBlacklist", FALSE)) {
@ -3524,7 +3524,7 @@ _FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
}
//
// ToastNotificationManager requirers open com and original token, with boxed com this causes in a dead lock
// ToastNotificationManager requires open com and original token, with boxed com this causes a deadlock
//
if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0)
@ -3557,11 +3557,11 @@ _FX HRESULT Com_RoGetActivationFactory(HSTRING activatableClassId, REFIID iid,
const wchar_t* strClassId = __sys_WindowsGetStringRawBuffer(activatableClassId, NULL);
if (Com_IsClosedRT(strClassId)) {
SbieApi_MonitorPut(MONITOR_RTCLASS | MONITOR_DENY, strClassId);
SbieApi_MonitorPut2(MONITOR_RTCLASS | MONITOR_DENY, strClassId, FALSE);
return E_ACCESSDENIED;
}
SbieApi_MonitorPut(MONITOR_RTCLASS, strClassId);
SbieApi_MonitorPut2(MONITOR_RTCLASS, strClassId, FALSE);
return __sys_RoGetActivationFactory(activatableClassId, iid, factory);
}


@ -27,7 +27,7 @@
//---------------------------------------------------------------------------
// Fuctions
// Functions
//---------------------------------------------------------------------------
@ -1136,7 +1136,7 @@ _FX BOOLEAN SbieDll_ExpandAndRunProgram(const WCHAR *Command)
wmemcpy(ptr2, ptr, length);
ptr2 += len;
}
wcscpy(ptr2, ptr1); // copy whats left
wcscpy(ptr2, ptr1); // copy what's left
Dll_Free(cmdline);


@ -410,7 +410,7 @@ void DbgPrint(const char* format, ...)
char tmp1[510];
extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args);
P_vsnprintf(tmp1, 510, format, va_args);
P_vsnprintf(tmp1, sizeof(tmp1), format, va_args);
OutputDebugStringA(tmp1);
@ -433,11 +433,11 @@ void DbgTrace(const char* format, ...)
WCHAR tmp2[510];
extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args);
P_vsnprintf(tmp1, 510, format, va_args);
P_vsnprintf(tmp1, sizeof(tmp1), format, va_args);
Sbie_snwprintf((WCHAR *)tmp2, 510, L"%S", tmp1);
Sbie_snwprintf((WCHAR *)tmp2, sizeof(tmp2)/sizeof(WCHAR), L"%S", tmp1);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, tmp2, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, tmp2);
va_end(va_args);
}
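Review bot: Passing `sizeof(tmp1)` removes the hard-coded count, but if `P_vsnprintf` resolves to ntdll's `_vsnprintf` (which the NtCRT arrangement described elsewhere in this commit suggests), a truncated result is not NUL-terminated, and `OutputDebugStringA(tmp1)` and the `%S` conversion into tmp2 then read past the buffer. Adding `tmp1[sizeof(tmp1) - 1] = '\0';` directly after each `P_vsnprintf` call closes that gap regardless of which CRT the pointer ends up at; the DbgPrint hunk above has the same shape and needs the same line. Giving Sbie_snwprintf `sizeof(tmp2)/sizeof(WCHAR)` is the right unit for a WCHAR buffer. Both DbgPrint and DbgTrace start outside their hunks.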


@ -347,13 +347,19 @@ void Dll_FreeCode128(void *ptr);
THREAD_DATA *Dll_GetTlsData(ULONG *pLastError);
void Dll_FreeTlsData(void);
//#define NAME_BUFFER_DEBUG
#ifdef NAME_BUFFER_DEBUG
WCHAR *Dll_GetTlsNameBuffer_(THREAD_DATA *data, ULONG which, ULONG size, char* func);
void Dll_PushTlsNameBuffer_(THREAD_DATA *data, char* func);
void Dll_PopTlsNameBuffer_(THREAD_DATA *data, char* func);
#define Dll_GetTlsNameBuffer(x,y,z) Dll_GetTlsNameBuffer_(x, y, z, __FUNCTION__)
#define Dll_PushTlsNameBuffer(x) Dll_PushTlsNameBuffer_(x, __FUNCTION__)
#define Dll_PopTlsNameBuffer(x) Dll_PopTlsNameBuffer_(x, __FUNCTION__)
#else
WCHAR *Dll_GetTlsNameBuffer(THREAD_DATA *data, ULONG which, ULONG size);
void Dll_PushTlsNameBuffer(THREAD_DATA *data);
void Dll_PopTlsNameBuffer(THREAD_DATA *data);
//void Dll_PushTlsNameBuffer_(THREAD_DATA *data, char* func);
//void Dll_PopTlsNameBuffer_(THREAD_DATA *data, char* func);
//#define Dll_PushTlsNameBuffer(x) Dll_PushTlsNameBuffer_(x, __FUNCTION__)
//#define Dll_PopTlsNameBuffer(x) Dll_PopTlsNameBuffer_(x, __FUNCTION__)
#endif
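Review bot: The three `_`-suffixed prototypes take `char* func`, yet the macros pass `__FUNCTION__`, a string literal, so `const char* func` is the honest signature; the definitions of Dll_PushTlsNameBuffer_ and Dll_PopTlsNameBuffer_ in their implementation hunks further down in this commit should change in step. The four commented-out prototypes and macros in the `#else` branch duplicate what the `#ifdef NAME_BUFFER_DEBUG` branch now provides and can be deleted rather than left as dead text.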


@ -54,7 +54,7 @@ typedef struct _VECTOR_TABLE {
BOOL bVTableEable = TRUE;
#define NUM_VTABLES 0x10
#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entrys
#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entries
VECTOR_TABLE SbieDllVectorTable[NUM_VTABLES] = {
{0,0,0},{0,0,0},{0,0,0},{0,0,0},
@ -203,7 +203,7 @@ skip_e9_rewrite: ;
//
// DX: this simplification fails for delay loaded libraries, see comments about SetSecurityInfo,
// resulting in an endless loop, so just dont do that
// resulting in an endless loop, so just don't do that
//
#if 0
@ -331,7 +331,7 @@ skip_e9_rewrite: ;
//
// on windows 7 hooking NdrClientCall2 in 32bit (WoW64) mode fails
// because the memory area starts at -6 and not -8
// this area could be a hot patch reagion which we dont use
// this area could be a hot patch reagion which we don't use
// hence if that fails just start at the exact offset and try again
//


@ -175,6 +175,12 @@ _FX BOOL WINAPI DllMain(
File_DoAutoRecover(TRUE);
Gui_ResetClipCursor();
}
//#ifdef _WIN64
// // cleanup CS
// DeleteCriticalSection(&VT_CriticalSection);
//#endif
}
return TRUE;
@ -824,7 +830,7 @@ _FX ULONG_PTR Dll_Ordinal1(
Dll_InitInjected(); // install required hooks
//
// notify RPCSS that a new proces was created in the current sandbox
// notify RPCSS that a new process was created in the current sandbox
//
if (Dll_ImageType != DLL_IMAGE_SANDBOXIE_RPCSS) {
@ -855,12 +861,22 @@ _FX ULONG_PTR Dll_Ordinal1(
WCHAR text[128];
Sbie_snwprintf(text, 128, L"Cleanly restarting forced process, reason %d", MustRestartProcess);
SbieApi_MonitorPut(MONITOR_OTHER, text);
SbieApi_MonitorPutMsg(MONITOR_OTHER, text);
extern void Proc_RestartProcessOutOfPcaJob(void);
Proc_RestartProcessOutOfPcaJob();
// does not return
}
//
// explorer needs sandboxed COM show warnign and terminate when COM is not sandboxies
//
if (Dll_ImageType == DLL_IMAGE_SHELL_EXPLORER && SbieDll_IsOpenCOM()) {
SbieApi_Log(2195, NULL);
ExitProcess(0);
}
}
else
{
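Review bot: The new explorer check `if (Dll_ImageType == DLL_IMAGE_SHELL_EXPLORER && SbieDll_IsOpenCOM())` ends in `ExitProcess(0)`, so a start that was refused because of an unsupported configuration reports success to whatever launched it; a non-zero exit code would let scripts and supervisors tell the refusal from a clean exit, unless something downstream relies on zero. The comment above it is hard to read; suggest `// explorer needs sandboxed COM: show a warning and terminate when COM is not sandboxed`. The commented-out `DeleteCriticalSection(&VT_CriticalSection)` block added in the DllMain hunk is dead code and should be removed or carry a comment saying why it must not run. Dll_Ordinal1 continues outside the hunk.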


@ -352,7 +352,7 @@ ALIGNED WCHAR *Dll_GetTlsNameBuffer(
//
// debug checks: the name buffer is allocated at least 64 bytes
// more than needed. fill these with 0xCC, andd check that later
// more than needed. fill these with 0xCC, and check that later
//
#ifdef DEBUG_MEMORY
@ -373,10 +373,16 @@ ALIGNED WCHAR *Dll_GetTlsNameBuffer(
//---------------------------------------------------------------------------
//ALIGNED void Dll_PushTlsNameBuffer_(THREAD_DATA *data, char* func)
#ifdef NAME_BUFFER_DEBUG
ALIGNED void Dll_PushTlsNameBuffer_(THREAD_DATA *data, char* func)
#else
ALIGNED void Dll_PushTlsNameBuffer(THREAD_DATA *data)
#endif
{
//DbgTrace("Dll_PushTlsNameBuffer, %s, %d\r\n", func, data->depth);
#ifdef NAME_BUFFER_DEBUG
DbgTrace("Dll_PushTlsNameBuffer, %s, %d\r\n", func, data->depth);
#endif
++data->depth;
if (data->depth > NAME_BUFFER_DEPTH - 4)
SbieApi_Log(2310, L"%d", data->depth);
@ -391,14 +397,19 @@ ALIGNED void Dll_PushTlsNameBuffer(THREAD_DATA *data)
//---------------------------------------------------------------------------
//_FX void Dll_PopTlsNameBuffer_(THREAD_DATA *data, char* func)
#ifdef NAME_BUFFER_DEBUG
_FX void Dll_PopTlsNameBuffer_(THREAD_DATA *data, char* func)
#else
_FX void Dll_PopTlsNameBuffer(THREAD_DATA *data)
#endif
{
//DbgTrace("Dll_PopTlsNameBuffer, %s, %d\r\n", func, data->depth-1);
#ifdef NAME_BUFFER_DEBUG
DbgTrace("Dll_PopTlsNameBuffer, %s, %d\r\n", func, data->depth-1);
#endif
//
// debug checks: the name buffer is allocated at least 64 bytes
// more than needed. fill these with 0xCC, andd check that later
// more than needed. fill these with 0xCC, and check that later
//
#ifdef DEBUG_MEMORY


@ -324,7 +324,7 @@ _FX int Process_MatchPathList(
level = cur_level;
if (patsrc) *patsrc = Pattern_Source(pat);
// we need to test all entries to find the best match, so we dont break here
// we need to test all entries to find the best match, so we don't break here
}
//
@ -599,7 +599,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
//if (patsrc) *patsrc = curpat;
mp_flags = 0;
// dont goto finish as open can overwrite this
// don't goto finish as open can overwrite this
}
}


@ -56,7 +56,7 @@ static HMODULE Dump_DbgHelpMod;
MiniDumpWithProcessThreadData | \
MiniDumpWithoutOptionalData | \
MiniDumpIgnoreInaccessibleMemory | \
MiniDumpFilterTriage //0x001205a4 thats what WerFault.exe uses
MiniDumpFilterTriage //0x001205a4 that's what WerFault.exe uses
#define DUMP_FLAGS_EXTENDED MiniDumpWithFullMemory | \
MiniDumpWithHandleData | \
@ -95,7 +95,7 @@ static LONG __stdcall Dump_CrashHandlerExceptionFilter(EXCEPTION_POINTERS* pEx)
#ifdef _M_IX86
if (pEx->ExceptionRecord->ExceptionCode == EXCEPTION_STACK_OVERFLOW)
{
// be sure that we have enought space...
// be sure that we have enough space...
static char MyStack[1024 * 128];
// it assumes that DS and SS are the same!!! (this is the case for Win32)
// change the stack only if the selectors are the same (this is the case for Win32)
@ -149,7 +149,7 @@ static LONG __stdcall Dump_CrashHandlerExceptionFilter(EXCEPTION_POINTERS* pEx)
Sbie_snwprintf(szMiniDumpMessage, 256, L"%s crashed!\r\nCrashdump creation failed.", Dll_ImageName);
else
Sbie_snwprintf(szMiniDumpMessage, 256, L"%s crashed!\r\nCrashdump saved to \"%s\".", Dll_ImageName, szMiniDumpFileName);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, szMiniDumpMessage, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, szMiniDumpMessage);
// or return one of the following:
// - EXCEPTION_CONTINUE_SEARCH // this will trigger the "normal" OS error-dialog
@ -207,7 +207,7 @@ _FX int Dump_Init(void)
if (Dump_DbgHelpMod != NULL)
return 2;
// Initialize the member, so we do not load the dll after the exception has occured
// Initialize the member, so we do not load the dll after the exception has occurred
// which might be not possible anymore...
Dump_DbgHelpMod = LoadLibrary(L"dbghelp.dll");
if (!Dump_DbgHelpMod )
@ -240,6 +240,6 @@ _FX int Dump_Init(void)
SBIEDLL_HOOK(Dump_, SetUnhandledExceptionFilter);
//SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, L"Minidump enabled", FALSE);
//SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, L"Minidump enabled", FALSE);
return 1;
}
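Review bot: The commented-out line `//SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, L"Minidump enabled", FALSE);` keeps the third argument from the old SbieApi_MonitorPut2 signature, while the live call above it (`SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, szMiniDumpMessage);`) takes two, so it will not compile when someone re-enables it; either correct it to `//SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, L"Minidump enabled");` or drop it. The two Sbie_snwprintf calls in Dump_CrashHandlerExceptionFilter still hard-code `256` for szMiniDumpMessage while this commit replaces the same pattern elsewhere with sizeof-based counts; `sizeof(szMiniDumpMessage)/sizeof(WCHAR)` would tie them to the declaration if the buffer is a local array, which is outside the hunk.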


@ -811,7 +811,7 @@ check_sandbox_prefix:
//
// If its a sandboxed file, check if its in the current image or in a snapshot
// If its in a snapshot remove teh snapshot prefix
// If its in a snapshot remove the snapshot prefix
//
if (is_boxed_path) {
@ -893,7 +893,7 @@ check_sandbox_prefix:
// that's ok because it hasn't been initialized yet
//
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we dont need to do it here and below
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we don't need to do it here and below
length >= _UserLen &&
_wcsnicmp(*OutTruePath, _User, _UserLen) == 0) {
@ -1567,7 +1567,7 @@ _FX NTSTATUS File_GetName_ExpandShortNames2(
if (Cur_Snapshot && Cur_Snapshot->ScramKey && wcslen(&Path[backslash_index + 1]) <= 12)
{
//
// If we are checking in a snapshot we ned to unscramble the short name
// If we are checking in a snapshot we need to unscramble the short name
//
wcscpy(ShortName, &Path[backslash_index + 1]);
@ -2186,7 +2186,7 @@ _FX ULONG File_MatchPath2(const WCHAR *path, ULONG *FileFlags, BOOLEAN bCheckObj
goto finish;
//
// if path references a mount point, wee see it as the mount location
// if path references a mount point, we see it as the mount location
// \Device\HarddiskVolume1\MOUNT but the driver sees it as the target
// location \Device\HarddiskVolume2, so check for this case
//
@ -2511,7 +2511,7 @@ _FX NTSTATUS File_NtCreateFileImpl(
if (status == STATUS_OBJECT_PATH_SYNTAX_BAD) {
//
// teh driver usually blocks this anyways so try only in app mode
// the driver usually blocks this anyways so try only in app mode
//
if (Dll_CompartmentMode){
@ -2909,7 +2909,7 @@ ReparseLoop:
if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){
//
// When using Rule specificity we need to create some dummy directrories
// When using Rule specificity we need to create some dummy directories
//
File_CreateBoxedPath(TruePath);
@ -4983,7 +4983,7 @@ _FX NTSTATUS File_NtQueryFullAttributesFileImpl(
if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){
//
// When using Rule specificity we need to create some dummy directrories
// When using Rule specificity we need to create some dummy directories
//
File_CreateBoxedPath(TruePath);
@ -5138,7 +5138,7 @@ _FX NTSTATUS File_NtQueryInformationFile(
// that the file can be opened by it without unscrambling
// (see also File_GetName_FromFileId)
//
// the reason for this is the possibily of files on both C:
// the reason for this is the possibly of files on both C:
// and D: drives having the same FileId. the program may
// wish to open use a handle on drive C: to open using the
// FileId by might end up using a sandbox handle like
@ -6185,7 +6185,7 @@ _FX NTSTATUS File_SetDisposition(
//
// check if the call to File_NtDeleteFileImpl from the delete handler is expected to fail
// and return the apropriate error
// and return the appropriate error
//
FILE_NETWORK_OPEN_INFORMATION info;
@ -6713,7 +6713,7 @@ _FX NTSTATUS File_RenameFile(
if (! info2->ReplaceIfExists) {
//
// if caller did not explictly ask to replace, but the
// if caller did not explicitly ask to replace, but the
// destination path name is marked deleted, then we also
// physically delete the destination
//


@ -100,7 +100,7 @@ _FX ULONG File_MigrateFile_GetMode(const WCHAR* TruePath, ULONGLONG file_size)
path_len = wcslen(path_lwr);
//
// Check what preset applyes to this file type/path
// Check what preset applies to this file type/path
//
for (ULONG i = 0; i < NUM_COPY_MODES; i++)
@ -158,7 +158,7 @@ found_match:
}
//
// issue apropriate message if so configured, and user wasn't asked
// issue appropriate message if so configured, and user wasn't asked
//
else if (!File_CopyLimitSilent)


@ -520,7 +520,7 @@ _FX BOOLEAN File_InitDrives(ULONG DriveMask)
//
// if the object is a valid symbolic link but we don't have
// acccess rights to open the symbolic link then we ask the
// access rights to open the symbolic link then we ask the
// driver to query the link for us
//


@ -366,8 +366,8 @@ _FX BOOLEAN Gui_Init(HMODULE module)
// NoSbieDesk BEGIN
//
// Sandboxie is routing many gui related things through teh service,
// when we operate in app mode we dont need to do that hence
// Sandboxie is routing many gui related things through the service,
// when we operate in app mode we don't need to do that hence
// disable the use of the gui proxy
//


@ -218,6 +218,7 @@ _FX BOOLEAN Gui_InitClass(void)
// by forcing Gui_RenameClasses=TRUE in maxthon child processes
//
// $Workaround$ - 3rd party fix
if ((! Gui_OpenAllWinClasses) && (! Gui_RenameClasses)
&& Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME
&& _wcsicmp(Dll_ImageName, L"maxthon.exe") == 0) {
@ -227,6 +228,22 @@ _FX BOOLEAN Gui_InitClass(void)
Gui_RenameClasses = TRUE;
}
//
// vivaldi somehow screws up its hooks and its trampoline to NtCreateSection
// ends up pointing to our RegisterClassW detour function
// to work around this issue we disable Gui_RenameClasses for vivaldi.exe
//
// $Workaround$ - 3rd party fix
if (Gui_RenameClasses
&& Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME
&& _wcsicmp(Dll_ImageName, L"vivaldi.exe") == 0
&& SbieApi_QueryConfBool(NULL, L"UseVivaldiWorkaround", TRUE)) {
Gui_RenameClasses = FALSE;
}
//
// hook functions
//
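Review bot: The vivaldi workaround clears `Gui_RenameClasses` for any chrome-type process whose image name is vivaldi.exe, which switches off window-class renaming, an isolation feature, for that process, and `UseVivaldiWorkaround` defaults to TRUE so the reduced isolation is on unless an administrator knows to turn it off. Emitting a trace line when the branch is taken, e.g. `SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, L"Gui_RenameClasses disabled by UseVivaldiWorkaround");`, would make that visible in the resource monitor the same way other decisions in this commit are. The comment should also say what is given up, not only why; suggest appending `// note: this disables window class renaming for the process`. Gui_InitClass continues outside the hunk.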


@ -85,7 +85,7 @@ _FX BOOLEAN Gui_InitConsole1(void)
//
// We need to set Gui_ConsoleHwnd in order for Gui_InitConsole2 to start up properly,
// this functions starts a thread which listens for WM_DEVICECHANGE which we need
// we could go for a different signaling method in future but for now we stick to this methos
// we could go for a different signaling method in future but for now we stick to this method
//
Gui_ConsoleHwnd = GetConsoleWindow();


@ -78,11 +78,11 @@
//
// that proxy window in SbieSvc will actually send the WM_DDE_ACK
// to the client, and will present itself as the server for the
// DDE conversation, so it can recieve any posted WM_DDE_EXECUTE
// DDE conversation, so it can receive any posted WM_DDE_EXECUTE
// messages without IL limitations (per the introduction above).
//
// 4. the proxy window in SbieSvc GUI Proxy receives the WM_DDE_EXECUTE
// message, extracts the command text gived in the message LPARAM,
// message, extracts the command text given in the message LPARAM,
// and sends a WM_COPYDATA to the server window in the sandbox.
// the Gui_DDE_COPYDATA_Received function gets this message through
// the Gui_CanForwardMsg function.


@ -255,7 +255,7 @@ void *GUI_CreateDialogTemplate(
}
for (i = 0; i < tmpl->cDlgItems; ++i) {
// every dialog item begins on a DWORD boundry
// every dialog item begins on a DWORD boundary
memzero(out, sizeof(ULONG));
out = (UCHAR *)((((SIZE_T)out) + 3) & (~3));
ptr = (UCHAR *)((((SIZE_T)ptr) + 3) & (~3));


@ -975,7 +975,7 @@ _FX void Gui_MonitorW(const WCHAR *clsnm, ULONG monflag, HWND hwnd)
Sbie_snwprintf(text, 130, L"#%d", PtrToUlong(clsnm) & 0xFFFF);
if ((! hwnd) && (! monflag))
monflag |= MONITOR_DENY;
SbieApi_MonitorPut(MONITOR_WINCLASS | monflag, text);
SbieApi_MonitorPut2(MONITOR_WINCLASS | monflag, text, FALSE);
}


@ -289,7 +289,7 @@ ULONG CALLBACK Gui_HookHelperProc(LPVOID lpParam)
// by the service worker for each session, see GuiServer::WndHookNotifySlave
//
// whenever a window is created the service gets notified and instructs
// the hooking pocess to hook the window's thread this is done using QueueUserAPC
// the hooking process to hook the window's thread this is done using QueueUserAPC
// targeting this helper thread, whenever a APC is scheduled the thread
// will resume and execute it, it being Gui_NotifyWinHooksAPC
//


@ -348,7 +348,7 @@ _FX BOOL Gui_ClipCursor(const RECT *lpRect)
_FX void Gui_ResetClipCursor(void)
{
//
// progams that set a clip cursor (e.g. full screen games) tend to
// programs that set a clip cursor (e.g. full screen games) tend to
// remove the clip on alt-tab switch, but do not remove the clip when
// terminating. and the clip remains in effect probably because the
// sandboxed process does not have WINSTA_WRITEATTRIBUTES access.


@ -343,7 +343,7 @@ _FX LRESULT Gui_SendMessageTimeoutW(
// the window of the owner of the clipboard data, in order
// to test if the window is not hung, and display or hide
// the Paste menu command accordingly. make sure the
// command is displayed even for windows ouside the sandbox
// command is displayed even for windows outside the sandbox
//
if (hWnd == __sys_GetClipboardOwner()) {
@ -796,7 +796,7 @@ fail:
}
Sbie_snwprintf(name, 48, L"$:TID=%08X:MSG=%08X", idThread, uMsg);
SbieApi_MonitorPut(MONITOR_WINCLASS | MONITOR_DENY, name);
SbieApi_MonitorPut2(MONITOR_WINCLASS | MONITOR_DENY, name, FALSE);
return FALSE;
}


@ -157,7 +157,7 @@ ALIGNED BOOLEAN Hook_Analyze(
if (! addr) {
addr = address;
#ifdef KERNEL_MODE
RtlStringCbPrintfW(text, 64,
RtlStringCbPrintfW(text, sizeof(text),
#else
Sbie_snwprintf(text, 64,
#endif
@ -581,7 +581,7 @@ ALIGNED UCHAR *Hook_Analyze_Prefix(UCHAR *addr, BOOLEAN is64, ULONG *flags)
// an instruction actually encodes full 64-bits of information:
//
// - moving to/from accum register: opcodes A0..A3
// - this is the default, unless overriden
// - this is the default, unless overridden
// by prefix 67
//
// - moving immediate value to any register: opcodes B8..BF
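Review bot: The kernel branch now passes `sizeof(text)` to RtlStringCbPrintfW, which is correct since the Cb variant takes a byte count, but the user-mode branch two lines below still hard-codes `Sbie_snwprintf(text, 64,`; if `text` is a local WCHAR array, `sizeof(text)/sizeof(WCHAR)` would keep both branches tied to the declaration, as the DbgTrace hunk in this commit does. The declaration of `text` is outside the hunk, so its element count cannot be confirmed here. Hook_Analyze starts and ends outside the hunk.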


@ -244,6 +244,19 @@ static NTSTATUS Ipc_NtOpenSection(
//---------------------------------------------------------------------------
static NTSTATUS Ipc_NtCreateSymbolicLinkObject (
PHANDLE SymbolicLinkHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
PUNICODE_STRING DestinationName);
static NTSTATUS Ipc_NtOpenSymbolicLinkObject(
PHANDLE SymbolicLinkHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes);
//---------------------------------------------------------------------------
static P_NtCreatePort __sys_NtCreatePort = NULL;
static P_NtConnectPort __sys_NtConnectPort = NULL;
@ -269,6 +282,10 @@ static P_NtCreateSemaphore __sys_NtCreateSemaphore = NULL;
static P_NtOpenSemaphore __sys_NtOpenSemaphore = NULL;
static P_NtCreateSection __sys_NtCreateSection = NULL;
static P_NtOpenSection __sys_NtOpenSection = NULL;
static P_NtCreateSymbolicLinkObject __sys_NtCreateSymbolicLinkObject= NULL;
static P_NtOpenSymbolicLinkObject __sys_NtOpenSymbolicLinkObject = NULL;
static P_NtImpersonateAnonymousToken
__sys_NtImpersonateAnonymousToken
= NULL;
@ -371,6 +388,14 @@ _FX BOOLEAN Ipc_Init(void)
SBIEDLL_HOOK(Ipc_,NtCreateSection);
SBIEDLL_HOOK(Ipc_,NtOpenSection);
SBIEDLL_HOOK(Ipc_,NtCreateSymbolicLinkObject);
SBIEDLL_HOOK(Ipc_,NtOpenSymbolicLinkObject);
//NtOpenDirectoryObject
//NtQueryDirectoryObject
//NtCreateDirectoryObject
//NtCreateDirectoryObjectEx
// OriginalToken BEGIN
if (!Dll_CompartmentMode && !SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
// OriginalToken END
@ -3141,6 +3166,235 @@ OpenTruePath:
}
//---------------------------------------------------------------------------
// Ipc_NtCreateSymbolicLinkObject
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_NtCreateSymbolicLinkObject(
PHANDLE SymbolicLinkHandle, ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes, PUNICODE_STRING DestinationName)
{
ULONG LastError;
THREAD_DATA *TlsData;
NTSTATUS status;
OBJECT_ATTRIBUTES objattrs;
UNICODE_STRING objname;
WCHAR *TruePath;
WCHAR *CopyPath;
ULONG mp_flags;
//
// shortcut processing when object name is not specified
//
if ((! ObjectAttributes) || (! ObjectAttributes->ObjectName)) {
return __sys_NtCreateSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, ObjectAttributes,
DestinationName);
}
//
// normal processing
//
TlsData = Dll_GetTlsData(&LastError);
Dll_PushTlsNameBuffer(TlsData);
__try {
//
// get the full paths for the true and copy objects
//
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
if (! NT_SUCCESS(status))
__leave;
if (! TruePath) {
if(ObjectAttributes->ObjectName->Buffer)
SbieApi_MonitorPut2(MONITOR_IPC, ObjectAttributes->ObjectName->Buffer, FALSE);
status = __sys_NtCreateSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, ObjectAttributes,
DestinationName);
__leave;
}
InitializeObjectAttributes(&objattrs,
&objname, OBJECT_ATTRIBUTES_ATTRIBUTES, NULL, Secure_EveryoneSD);
//
// check if this is an open or closed path
//
mp_flags = SbieDll_MatchPath2(L'i', TruePath, FALSE, TRUE); // SbieDll_MatchPath(L'i', TruePath);
if (PATH_IS_CLOSED(mp_flags)) {
status = STATUS_ACCESS_DENIED;
__leave;
}
if (PATH_IS_OPEN(mp_flags)) {
RtlInitUnicodeString(&objname, TruePath);
objattrs.SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
status = __sys_NtCreateSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, &objattrs,
DestinationName);
__leave;
}
//
// try to create the object name by its CopyPath, creating the
// CopyPath hierarchy if needed
//
RtlInitUnicodeString(&objname, CopyPath);
status = __sys_NtCreateSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, &objattrs,
DestinationName);
if (status == STATUS_OBJECT_PATH_NOT_FOUND) {
status = Ipc_CreatePath(TruePath, CopyPath);
if (NT_SUCCESS(status)) {
status = __sys_NtCreateSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, &objattrs,
DestinationName);
}
}
//
// finish
//
} __except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
Dll_PopTlsNameBuffer(TlsData);
SetLastError(LastError);
return status;
}
//---------------------------------------------------------------------------
// Ipc_NtOpenSymbolicLinkObject
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_NtOpenSymbolicLinkObject(
HANDLE *SymbolicLinkHandle,
ACCESS_MASK DesiredAccess,
OBJECT_ATTRIBUTES *ObjectAttributes)
{
ULONG LastError;
THREAD_DATA *TlsData = Dll_GetTlsData(&LastError);
NTSTATUS status;
OBJECT_ATTRIBUTES objattrs;
UNICODE_STRING objname;
WCHAR *TruePath;
WCHAR *CopyPath;
ULONG mp_flags;
Dll_PushTlsNameBuffer(TlsData);
__try {
//
// get the full paths for the true and copy objects
//
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
if (! NT_SUCCESS(status))
__leave;
if (! TruePath) {
status = __sys_NtOpenSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, ObjectAttributes);
__leave;
}
InitializeObjectAttributes(
&objattrs, &objname, OBJECT_ATTRIBUTES_ATTRIBUTES, NULL, NULL);
//
// check if this is an open or closed path
//
mp_flags = SbieDll_MatchPath(L'i', TruePath);
if (PATH_IS_CLOSED(mp_flags)) {
status = STATUS_ACCESS_DENIED;
__leave;
}
if (PATH_IS_OPEN(mp_flags)) goto OpenTruePath;
//
// open the object by its CopyPath first
// finish on success, else try true path
//
RtlInitUnicodeString(&objname, CopyPath);
status = __sys_NtOpenSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, &objattrs);
if(NT_SUCCESS(status))
__leave;
//if (status == STATUS_OBJECT_PATH_NOT_FOUND) {
//
// status = Ipc_CreatePath(TruePath, CopyPath);
//
// if (NT_SUCCESS(status))
// status = STATUS_OBJECT_NAME_NOT_FOUND;
//}
//
//__leave;
//
// try the TruePath
//
OpenTruePath:
RtlInitUnicodeString(&objname, TruePath);
status = __sys_NtOpenSymbolicLinkObject(
SymbolicLinkHandle, DesiredAccess, &objattrs);
if (PATH_NOT_OPEN(mp_flags) && (status == STATUS_ACCESS_DENIED))
status = STATUS_OBJECT_NAME_NOT_FOUND;
//
// finish
//
} __except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
Dll_PopTlsNameBuffer(TlsData);
SetLastError(LastError);
return status;
}
//---------------------------------------------------------------------------
// Ipc_IsKnownDllInSandbox
//---------------------------------------------------------------------------


@ -190,7 +190,7 @@ _FX BOOLEAN IpHlp_Init(HMODULE module)
void *NotifyRouteChange2;
void *CancelMibChangeNotify2;
if (Dll_CompartmentMode || Dll_OsBuild < 6000) { // in compartment mode we have a full token so no need to hook anythign here
if (Dll_CompartmentMode || Dll_OsBuild < 6000) { // in compartment mode we have a full token so no need to hook anything here
//
// earlier than Windows Vista, don't hook


@ -21,6 +21,7 @@
//---------------------------------------------------------------------------
#define NOGDI
#include "dll.h"
#include "obj.h"
#include "handle.h"


@ -20,6 +20,7 @@
// Key Merge
//---------------------------------------------------------------------------
#include "common/pattern.h"
//---------------------------------------------------------------------------
// Structures and Types
@ -99,6 +100,8 @@ static NTSTATUS Key_MergeCacheSubkeys(KEY_MERGE *merge, HANDLE TrueHandle);
static NTSTATUS Key_MergeCacheValues(KEY_MERGE *merge, HANDLE TrueHandle);
static NTSTATUS Key_MergeCacheDummys(KEY_MERGE *merge, const WCHAR *TruePath);
static NTSTATUS Key_MergeSubkeys(
KEY_MERGE *merge, KEY_MERGE *TrueMerge, HANDLE CopyHandle);
@ -449,6 +452,17 @@ _FX NTSTATUS Key_OpenForMerge(
//
status = STATUS_SUCCESS;
BOOLEAN use_rule_specificity = (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0;
//
// if rule specificity is enabled we may not have access to this true path
// but still have access to some sub paths, in this case instead of listing the
// true directory we parse the rule list and construst a cached dummy directory
//
if (use_rule_specificity)
Key_MergeCache(NULL, &info.LastWriteTime, TruePath, out_TrueMerge);
}
if (! NT_SUCCESS(status)) {
@ -596,7 +610,7 @@ _FX NTSTATUS Key_MergeCache(
//
// this function returns (possibly first creating) a cached KEY_MERGE
// which represents only the true key for a particular key path.
// this makes a noticable performance difference, because most true
// this makes a noticeable performance difference, because most true
// keys don't change during the lifetime of a sandboxed process,
// but they still need to be repeatedly merged with copy keys
//
@ -672,9 +686,14 @@ _FX NTSTATUS Key_MergeCache(
// build the subkeys and values in the true merge
//
status = Key_MergeCacheSubkeys(merge, TrueHandle);
if (NT_SUCCESS(status))
status = Key_MergeCacheValues(merge, TrueHandle);
if (TrueHandle != NULL) {
status = Key_MergeCacheSubkeys(merge, TrueHandle);
if (NT_SUCCESS(status))
status = Key_MergeCacheValues(merge, TrueHandle);
}
else { // special case for rule specificity
status = Key_MergeCacheDummys(merge, TruePath);
}
if (NT_SUCCESS(status))
*out_TrueMerge = merge;
else {
@ -686,6 +705,94 @@ _FX NTSTATUS Key_MergeCache(
}
//---------------------------------------------------------------------------
// Key_MergeCacheDummys
//---------------------------------------------------------------------------
_FX NTSTATUS Key_MergeCacheDummys(KEY_MERGE *merge, const WCHAR *TruePath)
{
ULONG len;
KEY_MERGE_SUBKEY *subkey, *subkey2;
//
// create a dummy key
//
LIST* lists[4];
SbieDll_GetReadablePaths(L'k', lists);
ULONG TruePathLen = wcslen(TruePath);
if (TruePathLen > 1 && TruePath[TruePathLen - 1] == L'\\')
TruePathLen--; // never take last \ into account
ULONG* PrevEntry = NULL;
for (int i=0; lists[i] != NULL; i++) {
PATTERN* pat = List_Head(lists[i]);
while (pat) {
const WCHAR* patstr = Pattern_Source(pat);
if (_wcsnicmp(TruePath, patstr, TruePathLen) == 0 && patstr[TruePathLen] == L'\\') {
const WCHAR* ptr = &patstr[TruePathLen + 1];
const WCHAR* end = wcschr(ptr, L'\\');
if(end == NULL) end = wcschr(ptr, L'*');
if(end == NULL) end = wcschr(ptr, L'\0');
ULONG name_len = (ULONG)(end - ptr) * sizeof(WCHAR);
//
// create the subkey
//
len = sizeof(KEY_MERGE_SUBKEY) + name_len + sizeof(WCHAR);
subkey = Dll_Alloc(len);
subkey->name_len = name_len;
memcpy(subkey->name, ptr, subkey->name_len);
subkey->name[subkey->name_len / sizeof(WCHAR)] = L'\0';
subkey->LastWriteTime.QuadPart = 0;
subkey->TitleOrClass = FALSE;
//
// find where to insert it. if the new key is already larger than
// our last key in the sorted list, instead directly at the end
//
subkey2 = List_Tail(&merge->subkeys);
if (subkey2 && _wcsicmp(subkey2->name, subkey->name) < 0)
subkey2 = NULL;
else {
subkey2 = List_Head(&merge->subkeys);
while (subkey2) {
int cmp = _wcsicmp(subkey2->name, subkey->name);
if (cmp == 0) goto next;
if (cmp > 0)
break;
subkey2 = List_Next(subkey2);
}
}
if (subkey2)
List_Insert_Before(&merge->subkeys, subkey2, subkey);
else
List_Insert_After(&merge->subkeys, NULL, subkey);
}
next:
pat = List_Next(pat);
}
}
SbieDll_ReleaseFilePathLock();
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Key_MergeCacheSubkeys
//---------------------------------------------------------------------------
@ -782,6 +889,7 @@ _FX NTSTATUS Key_MergeCacheSubkeys(KEY_MERGE *merge, HANDLE TrueHandle)
++index;
}
Dll_Free(info);
return STATUS_SUCCESS;
}
@ -879,6 +987,7 @@ _FX NTSTATUS Key_MergeCacheValues(KEY_MERGE *merge, HANDLE TrueHandle)
++index;
}
Dll_Free(info);
return STATUS_SUCCESS;
}
@ -948,9 +1057,9 @@ TrueHandleFinish:
;
//
// next, get the subkeys from CopyHandle. subkeys that are
// marked deleted are removed from the merge. other subkeys
// are insterted in sorted alphabetical order
// next, get the subkeys from CopyHandle. Subkeys that are
// marked as deleted are removed from the merge. Other subkeys
// are inserted in sorted alphabetical order
//
index = 0;
@ -1111,7 +1220,7 @@ TrueHandleFinish:
//
// next, get the values from CopyHandle. values that are
// marked deleted are removed from the merge. other values
// are insterted in sorted alphabetical order
// are inserted in sorted alphabetical order
//
index = 0;
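Review bot: In Key_MergeCacheDummys the KEY_MERGE_SUBKEY obtained from `subkey = Dll_Alloc(len);` is never released when the duplicate scan finds an equal name and jumps with `goto next`, so every rule that repeats an already inserted subkey name leaks one allocation per merge-cache build. Change that line to `if (cmp == 0) { Dll_Free(subkey); goto next; }`, or run the duplicate scan before allocating. The `Dll_Alloc` result is also used unchecked here, whereas the callers in proc.c (`if (!mybuf) return NULL;`) do test it — if Dll_Alloc can fail, `subkey->name_len = name_len;` dereferences NULL. The `for (int i=0; lists[i] != NULL; i++)` walk over `LIST* lists[4]` has no `i < 4` bound and so relies on SbieDll_GetReadablePaths always leaving a NULL inside the four slots; a guard or a comment stating that contract would make it explicit, and a comment noting that this call is what `SbieDll_ReleaseFilePathLock()` at the end pairs with (presumably it takes the file-path lock) would make the lock scope visible.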


@ -223,7 +223,7 @@ static DLL Ldr_Dlls[] = {
{ L"ComDlg32.dll", "ComDlg32.dll", ComDlg32_Init, 0}, // fix for opera.exe
{ L"ntmarta.dll", "ntmarta.dll", Ntmarta_Init, 0}, // workaround for chrome and acrobat reader
// Non Windows DLLs:
{ L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is tunning
{ L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is running
{ L"mso.dll", "mso.dll", File_MsoDll, 0}, // hack for File_IsRecoverable
{ L"agcore.dll", "agcore.dll", Custom_SilverlightAgCore, 0}, // msft silverlight - deprecated
// Non Microsoft DLLs:


@ -154,7 +154,6 @@ static const WCHAR *Ldr_InjectDll = LDR_INJECT_SETTING_NAME;
static const WCHAR *Ldr_HostInjectDll = LDR_HOST_INJECT_SETTING_NAME;
static ULONG_PTR Ldr_ImageBase = 0;
static ULONG_PTR Ldr_ImportDescriptor = 0;
BOOLEAN Ldr_BoxedImage = FALSE;
@ -496,7 +495,7 @@ _FX WCHAR *Ldr_FixImagePath_2(void)
//
// Windows is caching loaded modules, when after being run a binary is moved
// and run again, NtQueryVirtualMemory wil return the original location
// and run again, NtQueryVirtualMemory will return the original location
// and not the valid up to date current location.
// Hence we use NtQueryInformationProcess instead it also returns the reparsed path
//


@ -495,7 +495,7 @@ _FX ULONG SbieDll_InjectLow(HANDLE hProcess, ULONG init_flags, BOOLEAN dup_drv_h
}
//
// prepare the lowdata paramters area to copy into target process
// prepare the lowdata parameters area to copy into target process
//
SBIELOW_DATA lowdata;
@ -771,7 +771,7 @@ _FX BOOLEAN SbieDll_InjectLow_BuildTramp(
//
// skip past several bytes in the code copied from the top of the
// LdrInitializeThunk fuction, where we will inject a jmp sequence.
// LdrInitializeThunk function, where we will inject a jmp sequence.
//
// a simple E9 relative JMP five byte instruction in most cases,
// a slightly longer seven byte version in case there is a long


@ -57,7 +57,7 @@ _FX DWORD MsCorEE__CorExeMain()
}
// Load inject dlls in .Net process' entry (_CorExeMain).
// Load inject dlls in .Net process's entry (_CorExeMain).
_FX BOOLEAN MsCorEE_Init(HMODULE hmodule)
{


@ -604,7 +604,7 @@ _FX int WSA_IsBlockedTraffic(const short *addr, int addrlen, int protocol)
Sbie_snwprintf(msg, 256, L"Network Traffic; Port: %u; Prot: %u; IPv4: %d.%d.%d.%d", port, protocol,
ip.Data[12], ip.Data[13], ip.Data[14], ip.Data[15]);
}
SbieApi_MonitorPut2(MONITOR_NETFW | (block ? MONITOR_DENY : MONITOR_OPEN), msg, FALSE);
SbieApi_MonitorPutMsg(MONITOR_NETFW | (block ? MONITOR_DENY : MONITOR_OPEN), msg);
}
if (block) {


@ -203,7 +203,7 @@ _FX BOOLEAN NetApi_Hook_NetUseAdd(HMODULE module)
}
//
// In in app mode we have a full token and this wil be successfull, hence no need for a hook
// In in app mode we have a full token and this will be successful, hence no need for a hook
//
if (Dll_CompartmentMode) // NoServiceAssist


@ -578,54 +578,95 @@ _FX BOOL Proc_SetProcessMitigationPolicy(
}
//---------------------------------------------------------------------------
// Proc_FindArgumentEnd
//---------------------------------------------------------------------------
_FX const WCHAR* Proc_FindArgumentEnd(const WCHAR* arguments)
{
//
// when suplying: "aaaa \"bb cc\"ddd\"e\\"f\" gg hh \\"ii \"jjjj kkkk"
// to an application for (int i = 0; i < argc; i++) printf("%s\n", argv[i]); gives:
// "aaaa", "bb ccddde\"f", "gg", "hh", "\"ii", "jjjj kkkk"
// here we exactly replicate this parsing scheme
//
const WCHAR* ptr = arguments;
BOOLEAN inq = FALSE;
BOOLEAN esc = FALSE;
for (; *ptr != L'\0'; ptr++) {
if (esc)
esc = FALSE;
else {
if (*ptr == L'\\') {
esc = TRUE;
continue;
}
if (*ptr == L'\"') {
inq = !inq;
continue;
}
}
if (!inq && (*ptr == L' ' || *ptr == L'\t'))
break;
}
return ptr;
}
//---------------------------------------------------------------------------
// Proc_CreateProcessInternalW
//---------------------------------------------------------------------------
void *Proc_GetImageFullPath(const WCHAR *lpApplicationName, const WCHAR *lpCommandLine)
{
if ((lpApplicationName == NULL) && (lpCommandLine == NULL))
return NULL;
const WCHAR *start = NULL;
int len = 0;
if (lpApplicationName) {
start = lpApplicationName;
len = wcslen(start) + 1; // add 1 for NULL
}
else {
start = lpCommandLine;
const WCHAR *end;
// if command line is not quoted, look for 1st space
if (*start != L'\"') {
end = start;
while (*end != 0 && *end != L' ')
end++;
}
// else, look for end quote
else {
start++;
end = start;
while (*end != 0 && *end != L'\"')
end++;
}
len = (int)(end - start) + 1;
}
WCHAR *mybuf = Dll_Alloc(len * sizeof(WCHAR));
if (!mybuf) {
return NULL;
}
memset(mybuf, 0xcd, len * 2);
wcsncpy(mybuf, start, len - 1);
mybuf[len - 1] = L'\0';
return mybuf;
}
//void *Proc_GetImageFullPath(const WCHAR *lpApplicationName, const WCHAR *lpCommandLine)
//{
// if ((lpApplicationName == NULL) && (lpCommandLine == NULL))
// return NULL;
//
// const WCHAR *start = NULL;
// int len = 0;
//
// if (lpApplicationName) {
// start = lpApplicationName;
// len = wcslen(start) + 1; // add 1 for NULL
// }
// else {
// start = lpCommandLine;
// const WCHAR *end;
//
// // if command line is not quoted, look for 1st space
// if (*start != L'\"') {
// end = start;
// while (*end != 0 && *end != L' ')
// end++;
// }
// // else, look for end quote
// else {
// start++;
// end = start;
// while (*end != 0 && *end != L'\"')
// end++;
// }
// len = (int)(end - start) + 1;
// }
//
// //
// // add + 4 space to be able to append a ".exe" in case its missing
// //
//
// WCHAR *mybuf = Dll_Alloc((len + 4) * sizeof(WCHAR));
// if (!mybuf) {
// return NULL;
// }
//
// memset(mybuf, 0xcd, (len + 4) * sizeof(WCHAR));
// wcsncpy(mybuf, start, len - 1);
// mybuf[len - 1] = L'\0';
//
// return mybuf;
//}
//
@ -745,19 +786,43 @@ _FX BOOL Proc_CreateProcessInternalW(
if (Dll_OsBuild >= 17677) { // 10 RS5 and later
/*
//Logic for windows 10 RS5
WCHAR* mybuf = Proc_GetImageFullPath(lpApplicationName, lpCommandLine);
if (mybuf == NULL)
return FALSE;
FileHandle = CreateFileW(mybuf, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
if (FileHandle == INVALID_HANDLE_VALUE) {
LONG len = wcslen(mybuf);
if (len < 4 || _wcsicmp(mybuf - 4, L".exe") != 0) {
wcscat(mybuf, L".exe");
FileHandle = CreateFileW(mybuf, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
}
}
Dll_Free(mybuf);
if (FileHandle != INVALID_HANDLE_VALUE) {
Proc_StoreImagePath(TlsData, FileHandle);
NtClose(FileHandle);
}
}*/
//
// invoke the real CreateProcessInternal so it can record accurate
//
TlsData->proc_create_process_capture_image = TRUE;
ok = __sys_CreateProcessInternalW(
NULL, lpApplicationName, lpCommandLine,
NULL, NULL, FALSE, dwCreationFlags,
lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation, hNewToken);
//err = GetLastError(); // == ERROR_BAD_EXE_FORMAT
TlsData->proc_create_process_capture_image = FALSE;
//
// the system may have quoted the first part of the command line,
@ -796,7 +861,7 @@ _FX BOOL Proc_CreateProcessInternalW(
else { // xp, 7, 8 and 10 before RS5
//
// invoke the real CreateProcessInternal so it can record acurate
// invoke the real CreateProcessInternal so it can record accurate
// paths in NtCreateSection/Proc_SectionCallback, and then fail.
//
@ -948,30 +1013,76 @@ _FX BOOL Proc_CreateProcessInternalW(
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), NULL, L"BreakoutFolder")) {
const WCHAR* lpArguments = NULL;
if (lpCommandLine) {
if (lpCommandLine[0] == L'\"') {
lpArguments = wcschr(lpCommandLine + 1, L'\"');
if (lpArguments) lpArguments++; // skip "
}
else
lpArguments = wcschr(lpCommandLine, L' ');
if (!lpArguments) lpArguments = wcschr(lpCommandLine, L'\0');
}
if (lpCommandLine)
lpArguments = Proc_FindArgumentEnd(lpCommandLine);
WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + (lpArguments ? wcslen(lpArguments) : 0) + 1) * sizeof(WCHAR));
WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + (lpArguments ? wcslen(lpArguments) + 8192 : 0) + 1) * sizeof(WCHAR));
if (mybuf) {
//
// The breakout request is validated by the service, hence we need a clean and complete
// application path and not a just a command line where the binary may be missing the .exe
// and or be only relative to the workign directory, or worse the path variable.
// and or be only relative to the working directory, or worse the path variable.
//
wcscpy(mybuf, L"\"");
wcscat(mybuf, lpApplicationName);
wcscat(mybuf, L"\"");
if(lpArguments)
wcscat(mybuf, lpArguments);
if (lpArguments) { // must always start with a space
//wcscat(mybuf, lpArguments);
WCHAR* mybuff2 = mybuf + wcslen(mybuf);
//
// add arguments one by one and if needed adapt them
//
WCHAR* temp = Dll_Alloc(sizeof(WCHAR) * 8192);
for (const WCHAR* ptr = lpArguments; *ptr != L'\0';) {
WCHAR* end = (WCHAR*)Proc_FindArgumentEnd(ptr);
ULONG len = (ULONG)(end - ptr);
if (len > 0) {
WCHAR savechar = *end;
*end = L'\0';
const WCHAR* tmp = ptr;
if (ptr[0] == L'\"') tmp++;
if (((tmp[0] >= L'A' && tmp[0] <= L'Z') || (tmp[0] >= L'a' && tmp[0] <= L'z')) && tmp[1] == L':') {
wcscpy(temp, tmp);
if (ptr[0] == L'\"') temp[len - 2] = L'\0';
HANDLE hFile = CreateFileW(temp, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
if (hFile != INVALID_HANDLE_VALUE) {
BOOLEAN is_copy;
LONG status = SbieDll_GetHandlePath(hFile, temp, &is_copy);
if (status == 0 && is_copy) {
SbieDll_TranslateNtToDosPath(temp);
ptr = temp;
len = wcslen(ptr);
}
CloseHandle(hFile);
}
}
wmemcpy(mybuff2, ptr, len);
mybuff2 += len;
*end = savechar;
}
*mybuff2++ = *end;
if (*end != L'\0') end++;
ptr = end;
}
Dll_Free(temp);
}
if (! lpCurrentDirectory) { // lpCurrentDirectory must not be NULL
lpCurrentDirectory = Dll_Alloc(sizeof(WCHAR) * 8192);
@ -1006,7 +1117,7 @@ _FX BOOL Proc_CreateProcessInternalW(
//
// in compartment mode we dont mess around just create the process
// in compartment mode we don't mess around just create the process
//
// OriginalToken BEGIN
@ -1305,7 +1416,7 @@ finish:
{
WCHAR msg[1024];
Sbie_snwprintf(msg, 1024, L"CreateProcess: %s (%s); err=%d", lpApplicationName ? lpApplicationName : L"[noName]", lpCommandLine ? lpCommandLine : L"[noCmd]", ok ? 0 : err);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, msg, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, msg);
}
SetLastError(err);
@ -1329,7 +1440,7 @@ _FX BOOL Proc_AlternateCreateProcess(
SetLastError(ERROR_ACCESS_DENIED);
*ReturnValue = FALSE;
SbieApi_MonitorPut(MONITOR_OTHER, L"Blocked start of an updater");
SbieApi_MonitorPutMsg(MONITOR_OTHER, L"Blocked start of an updater");
return TRUE; // exit CreateProcessInternal
}
@ -1352,13 +1463,13 @@ _FX BOOL Proc_AlternateCreateProcess(
// don't start Kaspersky Anti Virus klwtblfs.exe component
// because Kaspersky protects the process and we can't put
// it into a job or inject SbieLow and so on
SbieApi_MonitorPut(MONITOR_OTHER, L"Blocked start of klwtblfs.exe");
SbieApi_MonitorPutMsg(MONITOR_OTHER, L"Blocked start of klwtblfs.exe");
return TRUE; // exit CreateProcessInternal
}
if (Dll_ImageType == DLL_IMAGE_SANDBOXIE_DCOMLAUNCH && lpCommandLine
&& wcsstr(lpCommandLine, L"smartscreen.exe")) {
SbieApi_MonitorPut(MONITOR_OTHER, L"Blocked start of smartscreen.exe");
SbieApi_MonitorPutMsg(MONITOR_OTHER, L"Blocked start of smartscreen.exe");
return TRUE; // exit CreateProcessInternal
}
return FALSE; // continue with CreateProcessInternal
@ -1867,58 +1978,56 @@ _FX NTSTATUS Proc_NtCreateUserProcess(
_In_ ULONG ThreadFlags, // THREAD_CREATE_FLAGS_*
_In_opt_ PVOID ProcessParameters, // PRTL_USER_PROCESS_PARAMETERS
_Inout_ PPS_CREATE_INFO CreateInfo,
_In_opt_ PPS_ATTRIBUTE_LIST AttributeList)
_In_ PPS_ATTRIBUTE_LIST AttributeList)
{
NTSTATUS status;
UNICODE_STRING objname;
SIZE_T ImageNameIndex = -1;
for (SIZE_T i = 0; i < AttributeList->TotalLength; i++) {
SIZE_T count = (AttributeList->TotalLength - sizeof(SIZE_T)) / sizeof(PS_ATTRIBUTE);
for (SIZE_T i = 0; i < count; i++) {
if (AttributeList->Attributes[i].Attribute == 0x00020005) { // PsAttributeValue(PsAttributeImageName, FALSE, TRUE, FALSE);
ImageNameIndex = i;
break;
}
}
if (ImageNameIndex != -1) {
ULONG LastError;
THREAD_DATA *TlsData = Dll_GetTlsData(&LastError);
objname.Buffer = (WCHAR*)AttributeList->Attributes[ImageNameIndex].Value;
objname.Length = (USHORT)AttributeList->Attributes[ImageNameIndex].Size;
objname.MaximumLength = objname.Length + sizeof(wchar_t);
if (TlsData->proc_create_process_capture_image) {
WCHAR *TruePath;
WCHAR *CopyPath;
ULONG FileFlags;
if (NT_SUCCESS(File_GetName(NULL, &objname, &TruePath, &CopyPath, &FileFlags))) {
TlsData->proc_create_process_capture_image = FALSE;
if (ImageNameIndex != -1) {
objname.Buffer = (WCHAR*)AttributeList->Attributes[ImageNameIndex].Value;
objname.Length = (USHORT)AttributeList->Attributes[ImageNameIndex].Size;
objname.MaximumLength = objname.Length + sizeof(wchar_t);
HANDLE FileHandle;
OBJECT_ATTRIBUTES objattrs;
UNICODE_STRING objname2;
IO_STATUS_BLOCK IoStatusBlock;
RtlInitUnicodeString(&objname2, CopyPath);
InitializeObjectAttributes(
&objattrs, &objname2, OBJ_CASE_INSENSITIVE, NULL, NULL);
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, NULL);
extern P_NtCreateFile __sys_NtCreateFile;
status = __sys_NtCreateFile(
status = NtCreateFile(
&FileHandle, FILE_GENERIC_READ, &objattrs,
&IoStatusBlock, NULL, 0, FILE_SHARE_READ,
FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
if (NT_SUCCESS(status)) {
if (SbieDll_TranslateNtToDosPath(CopyPath)) {
wmemmove(CopyPath + 4, CopyPath, wcslen(CopyPath) + sizeof(WCHAR));
wmemcpy(CopyPath, L"\\??\\", 4);
AttributeList->Attributes[ImageNameIndex].Value = (ULONG_PTR)CopyPath;
AttributeList->Attributes[ImageNameIndex].Size = wcslen(CopyPath) * sizeof(WCHAR);
}
Proc_StoreImagePath(TlsData, FileHandle);
NtClose(FileHandle);
}
}
SetLastError(LastError);
return STATUS_BAD_INITIAL_PC;
}
status = __sys_NtCreateUserProcess(ProcessHandle,
@ -1933,11 +2042,6 @@ _FX NTSTATUS Proc_NtCreateUserProcess(
CreateInfo,
AttributeList);
if (ImageNameIndex != -1) {
AttributeList->Attributes[ImageNameIndex].Value = (ULONG_PTR)objname.Buffer;
AttributeList->Attributes[ImageNameIndex].Size = objname.Length;
}
return status;
}
@ -2367,7 +2471,7 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
//SbieApi_Log(2191, SoftName);
SbieApi_Log(2191, Dll_ImageName);
SbieApi_Log(2192, NULL);
SbieApi_Log(2193, NULL);
//SbieApi_Log(2193, NULL);
}
return IsUpdate;
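Review bot: In the breakout argument rewrite loop that follows `WCHAR* temp = Dll_Alloc(sizeof(WCHAR) * 8192);`, `wcscpy(temp, tmp);` copies an argument of unbounded length into a fixed 8192-WCHAR heap buffer, so a single drive-letter-prefixed argument longer than that overruns the heap of the calling process (a Windows command line may be far longer than 8192 characters); the copy needs a length guard. The same loop also discards the quotes of a quoted argument when it is replaced by the translated copy path (`temp[len - 2] = L'\0'` strips the closing quote and then `ptr = temp; len = wcslen(ptr);` emits the bare path), so a translated path containing spaces is re-split by the child process; the replacement has to be re-quoted when the original argument was. The `+ 8192` headroom added to the `mybuf` allocation only covers one argument growing, which nothing in the loop enforces, and the output size of `SbieDll_GetHandlePath(hFile, temp, &is_copy)` is not visible here, so I would cap the rewritten length as below and skip translation for anything larger. Proc_CreateProcessInternalW begins and ends outside this hunk.
```c
/* … unchanged: Proc_FindArgumentEnd, *end = L'\0', drive-letter test on tmp … */
BOOLEAN quoted = (ptr[0] == L'\"');
ULONG plain_len = quoted ? len - 2 : len;        /* argument length without its quotes */
if (plain_len + 2 < 8192) {                      /* temp holds 8192 WCHARs; keep room to re-quote */
    temp[0] = L'\"';
    wmemcpy(temp + 1, tmp, plain_len);
    temp[1 + plain_len] = L'\0';
    HANDLE hFile = CreateFileW(temp + 1, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
    if (hFile != INVALID_HANDLE_VALUE) {
        BOOLEAN is_copy;
        LONG status = SbieDll_GetHandlePath(hFile, temp + 1, &is_copy);
        if (status == 0 && is_copy) {
            SbieDll_TranslateNtToDosPath(temp + 1);
            if (quoted)
                wcscat(temp, L"\"");             /* keep the quoting the caller used */
            ptr = quoted ? temp : temp + 1;
            len = (ULONG)wcslen(ptr);
        }
        CloseHandle(hFile);
    }
}
/* … unchanged: wmemcpy(mybuff2, ptr, len), restore *end, advance to next argument … */
```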


@ -90,7 +90,7 @@ extern "C" _FX BOOLEAN Pst_Init(HMODULE module)
return TRUE;
//
// in app mode we dont need these hooks as we have a full token
// in app mode we don't need these hooks as we have a full token
//
if (Dll_CompartmentMode)


@ -568,7 +568,7 @@ WCHAR* GetDynamicLpcPortName(const WCHAR* wszPortId)
else
Sbie_snwprintf(text, 130, L"Failed to resolve dynamic port: %s; status: %08X", req.wszPortId, rpl ? rpl->h.status : 0);
SbieApi_MonitorPut2(MONITOR_RPC | MONITOR_TRACE, text, FALSE);
SbieApi_MonitorPutMsg(MONITOR_RPC | MONITOR_TRACE, text);
}
if (rpl && NT_SUCCESS(rpl->h.status))
@ -780,7 +780,7 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
CallingModule ? CallingModule : L"unknown");
//OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_RPC | MONITOR_TRACE, msg, FALSE);
SbieApi_MonitorPutMsg(MONITOR_RPC | MONITOR_TRACE, msg);
}
if(use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);
@ -894,7 +894,7 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
CallingModule ? CallingModule : L"unknown");
//OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_RPC | MONITOR_TRACE, msg, FALSE);
SbieApi_MonitorPutMsg(MONITOR_RPC | MONITOR_TRACE, msg);
}
__sys_RpcStringFreeW(&StringUuid);
@ -922,7 +922,7 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
Scm_Start_Sppsvc();
}
// we must block this in Win 10 to prevent r-click context menu hang in Explorer
// note: this breaks otehr things but we need it,
// note: this breaks other things but we need it,
// so instead we block the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler;
// inside Com_CoCreateInstance
//else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))
@ -1017,7 +1017,7 @@ void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress, PMIDL_STUB
Sbie_snwprintf(text, 512, L"Calling %s, caused log exception, caller = '%s'", Function, CallingModule);
}
SbieApi_MonitorPut2(MONITOR_RPC | MONITOR_TRACE, text, FALSE);
SbieApi_MonitorPutMsg(MONITOR_RPC | MONITOR_TRACE, text);
}


@ -107,7 +107,7 @@ _FX NTSTATUS SbieApi_Ioctl(ULONG64 *parms)
WCHAR dbg[1024];
extern const wchar_t* Trace_SbieDrvFunc2Str(ULONG func);
Sbie_snwprintf(dbg, 1024, L"SbieApi_Ioctl: %s %s", Dll_ImageName, Trace_SbieDrvFunc2Str((ULONG)parms[0]));
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, dbg, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, dbg);
}
if (SbieApi_DeviceHandle == INVALID_HANDLE_VALUE) {
@ -1478,6 +1478,7 @@ _FX LONG SbieApi_MonitorPut(
return SbieApi_MonitorPut2(Type, Name, TRUE);
}
//---------------------------------------------------------------------------
// SbieApi_MonitorPut2
//---------------------------------------------------------------------------
@ -1504,6 +1505,31 @@ _FX LONG SbieApi_MonitorPut2(
}
//---------------------------------------------------------------------------
// SbieApi_MonitorPutMsg
//---------------------------------------------------------------------------
_FX LONG SbieApi_MonitorPutMsg(
ULONG Type,
const WCHAR* Message)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_PUT2_ARGS *args = (API_MONITOR_PUT2_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_PUT2;
args->log_type.val = Type;
args->log_len.val64 = wcslen(Message) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Message;
args->check_object_exists.val64 = FALSE;
args->is_message.val64 = TRUE;
status = SbieApi_Ioctl(parms);
return status;
}
//---------------------------------------------------------------------------
// SbieApi_MonitorGet
//---------------------------------------------------------------------------
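Review bot: SbieApi_MonitorPutMsg computes `args->log_len.val64 = wcslen(Message) * sizeof(WCHAR);` without checking `Message`, and one of the new callers, Trace_OutputDebugStringW, forwards the application's string unchanged, so a NULL passed to OutputDebugStringW by a sandboxed program now faults inside the hook; add `if (!Message) return STATUS_INVALID_PARAMETER;` before the length computation. The function also has no header comment, unlike the neighbouring SbieApi_MonitorPut2; I would add `// log free-form text to the monitor; unlike SbieApi_MonitorPut2 the text is not treated as an object path and is never checked for existence` — whether the driver side uses is_message for more than that is not visible here and should be confirmed against the kernel handler. Returning the NTSTATUS from SbieApi_Ioctl as LONG matches the other SbieApi_MonitorPut* wrappers.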


@ -207,6 +207,11 @@ LONG SbieApi_MonitorPut2(
const WCHAR *Name,
BOOLEAN bCheckObjectExists);
SBIEAPI_EXPORT
LONG SbieApi_MonitorPutMsg(
ULONG Type,
const WCHAR *Message);
//SBIEAPI_EXPORT
//LONG SbieApi_MonitorGet(
// ULONG *Type,


@ -825,7 +825,7 @@ _FX BOOL SbieDll_StartBoxedService(const WCHAR *ServiceName, BOOLEAN WithAdd)
WCHAR text[130];
Sbie_snwprintf(text, 130, L"StartBoxedService; name: '%s'", ServiceName);
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
//
// when invoked from SandboxieRpcSs to handle StartProcess,
@ -1096,7 +1096,7 @@ _FX BOOL Scm_StartServiceW(
WCHAR text[130];
Sbie_snwprintf(text, 130, L"StartService: %s", ServiceName);
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
if (Scm_IsBoxedService(ServiceName))
return SbieDll_StartBoxedService(ServiceName, FALSE);
@ -1146,13 +1146,13 @@ _FX ULONG Scm_ServiceMainThread(ULONG_PTR *args)
{
WCHAR text[130];
Sbie_snwprintf(text, 130, L"ServiceMainThread; begin");
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
typedef void (*P_Main)(ULONG argc, void **argv);
((P_Main)args[0])(1, (void **)&args[1]);
Sbie_snwprintf(text, 130, L"ServiceMainThread; end");
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
//
// if this is the MSI Server, then wait for all our callers to end
@ -1244,7 +1244,7 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
WCHAR text[130];
Sbie_snwprintf(text, 130, L"StartServiceCtrlDispatcher; name: '%s'", ServiceName);
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
//
// open the key for the service
@ -1362,7 +1362,7 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
//
Sbie_snwprintf(text, 130, L"StartServiceCtrlDispatcher; result: %s", Scm_Started ? L"sucess" : L"failure");
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
if (! Scm_Started) {
SbieApi_Log(2211, ServiceName);
@ -1499,7 +1499,7 @@ _FX BOOL Scm_SetServiceStatus_Internal(
WCHAR text[130];
Sbie_snwprintf(text, 130, L"SetServiceStatus; status: <%08X>", lpServiceStatus->dwCurrentState);
SbieApi_MonitorPut(MONITOR_SCM, text);
SbieApi_MonitorPutMsg(MONITOR_SCM, text);
#define MySetValueKey() \
NtSetValueKey(ServiceKeyHandle, &uni, \


@ -132,7 +132,7 @@ _FX BOOLEAN Scm_SecHostDll(HMODULE module)
//
// support for Windows 7 SecHost:
// for every function that our AdvApi32 module hooks,
// we route the correspoding function in SecHost to AdvApi32
// we route the corresponding function in SecHost to AdvApi32
//
advapi = LoadLibrary(DllName_advapi32);


@ -997,8 +997,8 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
TokenInformation, TokenInformationLength, ReturnLength);
//
// To make the process think we need to chage here a few values
// we also ensure that tha token belongs to the current process
// To make the process think we need to change here a few values
// we also ensure that the token belongs to the current process
//
if (Secure_FakeAdmin && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle))))


@ -247,9 +247,9 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
{
FIND_EP(CM_Add_Driver_PackageW);
FIND_EP(CM_Add_Driver_Package_ExW);
// Note: When the Add_Driver_Package is not hooked it will atempt to contact the deviceinstall service,
// Note: When the Add_Driver_Package is not hooked it will attempt to contact the deviceinstall service,
// which uses a dynamic rpc port, heence as long as there is no blank OpenIpcPath=* this call will fail
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers cant be installed.
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers can't be installed.
if (__sys_CM_Add_Driver_PackageW) {
DO_CALL_HOOK(
CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW);


@ -1426,7 +1426,7 @@ _FX ULONG SH_GetInternetExplorerVersion(void)
//
// Code running in Explorer (both Windows and Internet) may AddRef() on the
// host process using SHGetInstanceExplorer and then forget to Release().
// This causes a sandboxed IE or Explorer to go on running indefinately.
// This causes a sandboxed IE or Explorer to go on running indefinitely.
// To work around this, we have a thread that monitors the number of open
// windows, and forces Explorer to close when there are no more windows.
//


@ -101,7 +101,7 @@ ALIGNED void Trace_RtlSetLastWin32Error(ULONG err)
if (err) {
WCHAR strW[64];
Sbie_snwprintf(strW, 64, L"SetError: %d\n", err);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, strW, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, strW);
}
__sys_RtlSetLastWin32Error(err);
}
@ -114,7 +114,7 @@ ALIGNED void Trace_RtlSetLastWin32Error(ULONG err)
ALIGNED void Trace_OutputDebugStringW(const WCHAR *strW)
{
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, strW, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, strW);
__sys_OutputDebugStringW(strW);
}
@ -129,7 +129,7 @@ ALIGNED void Trace_OutputDebugStringA(const UCHAR *strA)
{
WCHAR strW[256 + 1];
Sbie_snwprintf(strW, 256 + 1, L"%S", strA); // convert to WCHAR
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, strW, FALSE);
SbieApi_MonitorPutMsg(MONITOR_OTHER | MONITOR_TRACE, strW);
__sys_OutputDebugStringA(strA);
}


@ -97,7 +97,7 @@ RpcRt_Ndr64AsyncClientCall PROC
;; xor rcx,rcx ; clear pProxyInfo
;; xor rdx,rdx ; clear nProcNum
;; xor r8,r8 ; clear pReturnValue
; mov r8,[rsp + 8+(4*8)] ; return poitner
; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS
call RpcRt_Ndr64AsyncClientCall_x64
test al,al
@ -211,7 +211,7 @@ RpcRt_NdrAsyncClientCall PROC
;; xor rcx,rcx ; clear pStubDescriptor
;; xor rdx,rdx ; clear pFormat
; mov r8,[rsp + 8+(4*8)] ; return poitner
; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r8,[rsp + 8+(4*8) + 3*8] ; Args
call RpcRt_NdrAsyncClientCall_x64
test al,al
@ -231,7 +231,7 @@ CancelCallA:
;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner
;; mov r8,[rsp + 8+(4*8)] ; return pointer
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
; call RpcRt_NdrAsyncClientCall_...
@ -260,7 +260,7 @@ RpcRt_NdrClientCall2 PROC
;; xor rcx,rcx ; clear pStubDescriptor
;; xor rdx,rdx ; clear pFormat
; mov r8,[rsp + 8+(4*8)] ; return poitner
; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r8,[rsp + 8+(4*8) + 3*8] ; Args
call RpcRt_NdrClientCall2_x64
test al,al
@ -280,7 +280,7 @@ CancelCall2:
;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner
;; mov r8,[rsp + 8+(4*8)] ; return pointer
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
; call RpcRt_NdrClientCall2_...
@ -311,7 +311,7 @@ RpcRt_NdrClientCall3 PROC
;; xor rcx,rcx ; clear pProxyInfo
;; xor rdx,rdx ; clear nProcNum
;; xor r8,r8 ; clear pReturnValue
; mov r8,[rsp + 8+(4*8)] ; return poitner
; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r9,[rsp + 8+(4*8) + 4*8] ; Args
call RpcRt_NdrClientCall3_x64
test al,al
@ -331,7 +331,7 @@ CancelCall3:
;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner
;; mov r8,[rsp + 8+(4*8)] ; return pointer
; lea r9,[rsp + 8+(4*8) + 4*8] ; Args
; call RpcRt_NdrClientCall3_...


@ -694,7 +694,7 @@ _FX void Api_AddMessage(
}
}
// else // this can only happen when the entire buffer is to small to hold this entire entry
// if loging fails we can't log this error :/
// if logging fails we can't log this error :/
Api_LeaveCriticalSection(irql);
}


@ -344,6 +344,7 @@ API_ARGS_FIELD(ULONG, log_type)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_FIELD(BOOLEAN,check_object_exists)
API_ARGS_FIELD(BOOLEAN,is_message)
//API_ARGS_FIELD(ULONG, log_aux)
API_ARGS_CLOSE(API_MONITOR_PUT2_ARGS)
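Review bot: The new `is_message` field extends an argument block that the driver receives from user mode, so the driver-side consumer (not in this hunk) should copy it into a local exactly once and treat any non-zero value as TRUE rather than comparing against TRUE, as a user-controlled BOOLEAN can hold any byte value. Because the layout of API_MONITOR_PUT2_ARGS is shared between SbieDll and the driver, both sides have to ship together; a short comment on the field saying who sets it would help the next reader, e.g. `// presumably set by SbieApi_MonitorPutMsg — confirm`.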


@ -54,7 +54,7 @@
// Note: we want to preserver the order of the settings when enumerating
// hence we can not replace the list with a hash map entierly
// instead we use booth, here the hash map ise used only for lookups
// the keys in the map are only pointers to the name fileds in the list entries
// the keys in the map are only pointers to the name fields in the list entries
//
typedef struct _CONF_DATA {
@ -65,7 +65,7 @@ typedef struct _CONF_DATA {
HASH_MAP sections_map;
#endif
BOOLEAN home; // TRUE if configuration read from Driver_Home_Path
ULONG encoding; // 0 - unicode, 1 - utf8, 2 - unicode (byte swaped)
ULONG encoding; // 0 - unicode, 1 - utf8, 2 - unicode (byte swapped)
volatile ULONG use_count;
} CONF_DATA;
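Review bot: The three comment lines directly above the corrected one still carry typos the commit leaves untouched — `preserver`, `entierly`, `booth` and `ise` — so the block reads half-fixed. Suggested wording: `// Note: we want to preserve the order of the settings when enumerating`, `// hence we can not replace the list with a hash map entirely`, `// instead we use both; here the hash map is used only for lookups`.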


@ -643,7 +643,7 @@ _FX BOOLEAN Driver_FindMissingServices(void)
#endif
//
// Retrive some unexported kernel functions that may be usefull
// Retrieve some unexported kernel functions that may be useful
//
ZwCreateToken = (P_NtCreateToken) Driver_FindMissingService("ZwCreateToken", 13);


@ -73,8 +73,6 @@
#define HOOK_WIN32K
//new FILE_INFORMATION_CLASS type not defined in current wdm.h used in windows 10 FCU
#define SB_FileRenameInformationEx 65
//---------------------------------------------------------------------------
// Structures and Types
//---------------------------------------------------------------------------


@ -104,6 +104,9 @@ static NTSTATUS File_Generic_MyParseProc(
static NTSTATUS File_CreatePagingFile(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args);
static NTSTATUS File_CreateSymbolicLinkObject(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args);
static void File_ReplaceTokenIfFontRequest(
ACCESS_STATE *AccessState,
PDEVICE_OBJECT DeviceObject, UNICODE_STRING *FileName, BOOLEAN* pbSetDirty);
@ -221,6 +224,9 @@ _FX BOOLEAN File_Init(void)
if (! Syscall_Set1("CreatePagingFile", File_CreatePagingFile))
return FALSE;
if (! Syscall_Set1("CreateSymbolicLinkObject", File_CreateSymbolicLinkObject))
return FALSE;
//
// set API functions
//
@ -652,7 +658,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
NULL
};
static const WCHAR* openPipesCM[] = {
// open thos in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe
// open those in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe
//
L"\\device\\*pipe\\lsarpc",
L"\\device\\*pipe\\srvsvc",
@ -827,7 +833,7 @@ _FX BOOLEAN File_BlockInternetAccess(PROCESS *proc)
BOOLEAN ok;
//
// is this process excempted from the blocade
// is this process exempted from the blockade
//
if (proc->AllowInternetAccess)
@ -1061,8 +1067,7 @@ _FX NTSTATUS File_Generic_MyParseProc(
{
if ((proc->file_trace & TRACE_IGNORE) || Session_MonitorCount) {
ULONG ignore_str_len;
WCHAR *ignore_str;
WCHAR ignore_str[24];
WCHAR *device_name_ptr;
status = Obj_GetParseName(
@ -1072,21 +1077,17 @@ _FX NTSTATUS File_Generic_MyParseProc(
else
device_name_ptr = Obj_Unnamed.Name.Buffer;
ignore_str_len = (wcslen(device_name_ptr) + 24) * sizeof(WCHAR);
ignore_str = Mem_Alloc(proc->pool, ignore_str_len);
if (ignore_str) {
RtlStringCbPrintfW(ignore_str, ignore_str_len,
L"(FI) %08X %s", device_type, device_name_ptr);
RtlStringCbPrintfW(ignore_str, sizeof(ignore_str),
L"(FI) %08X %s", device_type);
if (proc->file_trace & TRACE_IGNORE)
Log_Debug_Msg(MONITOR_IGNORE, ignore_str, Driver_Empty);
Log_Debug_Msg(MONITOR_IGNORE, ignore_str, device_name_ptr);
else if (Session_MonitorCount && !proc->disable_monitor &&
device_type != FILE_DEVICE_PHYSICAL_NETCARD)
Session_MonitorPut(MONITOR_IGNORE, ignore_str + 4, proc->pid);
Mem_Free(ignore_str, ignore_str_len);
Session_MonitorPut(MONITOR_IGNORE, device_name_ptr, proc->pid);
}
if (Name && Name != &Obj_Unnamed)
@ -1355,9 +1356,10 @@ _FX NTSTATUS File_Generic_MyParseProc(
//
#ifdef USE_MATCH_PATH_EX
// is_write = ((mp_flags & TRUE_PATH_MASK) == TRUE_PATH_CLOSED_FLAG) && ((mp_flags & COPY_PATH_MASK) == COPY_PATH_OPEN_FLAG);
// is_open = ((mp_flags & TRUE_PATH_MASK) == TRUE_PATH_OPEN_FLAG);
// is_closed = ((mp_flags & TRUE_PATH_MASK) == 0)
if ((!write_access || !((mp_flags & TRUE_PATH_WRITE_FLAG) != 0)) && !((mp_flags & TRUE_PATH_MASK) == 0)) {
if (proc->use_rule_specificity || ((!write_access || !((mp_flags & TRUE_PATH_WRITE_FLAG) != 0)) && !((mp_flags & TRUE_PATH_MASK) == 0))) {
#else
if ((! is_open) && (! is_closed)) {
#endif
@ -1414,10 +1416,11 @@ _FX NTSTATUS File_Generic_MyParseProc(
#ifdef USE_MATCH_PATH_EX
//
// if this is not a atribute or sync request update the permissions for the network path
// if this is not a attribute or sync request update the permissions for the network path
//
if ((MyContext->OriginalDesiredAccess != FILE_READ_ATTRIBUTES) &&
if (proc->use_rule_specificity ||
(MyContext->OriginalDesiredAccess != FILE_READ_ATTRIBUTES) &&
(MyContext->OriginalDesiredAccess != SYNCHRONIZE))
{
mp_flags = Process_MatchPathEx(proc, path2, len1, L'n',
@ -1710,6 +1713,18 @@ _FX NTSTATUS File_CreatePagingFile(
}
//---------------------------------------------------------------------------
// File_CreateSymbolicLinkObject
//---------------------------------------------------------------------------
_FX NTSTATUS File_CreateSymbolicLinkObject(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
return STATUS_PRIVILEGE_NOT_HELD;
}
//---------------------------------------------------------------------------
// File_ReplaceTokenIfFontRequest
//---------------------------------------------------------------------------
@ -2547,7 +2562,7 @@ _FX NTSTATUS File_Api_CheckInternetAccess(PROCESS *proc, ULONG64 *parms)
wmemcpy(device_name + 8, user_devname, 32);
device_name[8+32] = L'\0';
/* this check is now done in unser mode
/* this check is now done in user mode
//
// convert the device name to lowercase, stop at the first backslash
//
@ -2645,21 +2660,35 @@ get_program:
if (user_devname) {
#ifdef USE_MATCH_PATH_EX
ULONG mp_flags;
#else
BOOLEAN is_open, is_closed;
#endif
KIRQL irql2;
KeRaiseIrql(APC_LEVEL, &irql2);
ExAcquireResourceSharedLite(proc->file_lock, TRUE);
#ifdef USE_MATCH_PATH_EX
mp_flags = Process_MatchPathEx(proc, device_name, wcslen(device_name), L'f',
&proc->normal_file_paths, &proc->open_file_paths, &proc->closed_file_paths,
&proc->read_file_paths, &proc->write_file_paths, NULL);
#else
Process_MatchPath(
proc->pool, device_name, wcslen(device_name),
NULL, &proc->closed_file_paths,
&is_open, &is_closed);
#endif
ExReleaseResourceLite(proc->file_lock);
KeLowerIrql(irql2);
#ifdef USE_MATCH_PATH_EX
if ((mp_flags & TRUE_PATH_MASK) == 0) {
#else
if (is_closed) {
#endif
status = STATUS_ACCESS_DENIED;
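Review bot: In File_Generic_MyParseProc the rewritten `RtlStringCbPrintfW(ignore_str, sizeof(ignore_str), L"(FI) %08X %s", device_type);` keeps a `%s` conversion in the format but no longer passes `device_name_ptr`, so the formatter consumes an argument that was never supplied and dereferences it as a string in kernel mode; since the name is now handed separately to Log_Debug_Msg and Session_MonitorPut, the format should be `L"(FI) %08X"`. With the 24-WCHAR stack buffer in place, the `ignore_str_len` computation on the preceding context line and its declaration are dead and can go. In the attribute/sync check, `proc->use_rule_specificity || (... != FILE_READ_ATTRIBUTES) && (... != SYNCHRONIZE)` mixes `||` and `&&` without parentheses; wrapping the `&&` pair makes the intended precedence explicit and silences -Wparentheses. The new File_CreateSymbolicLinkObject stub has no comment on why it denies unconditionally; `// sandboxed processes may not create object-manager symbolic links` would do. File_Generic_MyParseProc starts and ends outside these hunks.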


@ -108,7 +108,7 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
WCHAR msg_str[240];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"DeviceIoContoleFile, CMApi, func = 0x%X, filter=%d, p=%06d t=%06d, %s\n",
function, filter, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
Log_Debug_Msg(MONITOR_OTHER | MONITOR_TRACE, msg_str, NULL);*/
Log_Debug_Msg(MONITOR_OTHER | MONITOR_TRACE, msg_str, Driver_Empty);*/
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
@ -124,7 +124,7 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
if (mon_type) {
WCHAR msg_str[24];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Func: %02X", (ULONG)function);
Log_Debug_Msg(mon_type, L"\\Device\\DeviceApi\\CMApi", msg_str);
Log_Debug_Msg(mon_type, msg_str, L"\\Device\\DeviceApi\\CMApi");
}
}


@ -316,7 +316,8 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
// we allow IRP_MJ_SET_INFORMATION to pass except for these 3
if ((Iopb->Parameters.SetFileInformation.FileInformationClass != FileRenameInformation) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileLinkInformation) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != SB_FileRenameInformationEx))
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileLinkInformationEx) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileRenameInformationEx))
goto finish;
@ -444,10 +445,34 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
if (Iopb->MajorFunction == IRP_MJ_SET_INFORMATION) {
// Do not allow hard links outside the sandbox
if (Iopb->Parameters.SetFileInformation.FileInformationClass == FileLinkInformation) {
if (!Box_IsBoxedPath(proc->box, file, &Iopb->Parameters.SetFileInformation.ParentOfTarget->FileName)) {
if (Iopb->Parameters.SetFileInformation.FileInformationClass == FileLinkInformation
|| Iopb->Parameters.SetFileInformation.FileInformationClass == FileLinkInformationEx) {
// FILE_LINK_INFORMATION* FileInfo = (FILE_LINK_INFORMATION*)Iopb->Parameters.SetFileInformation.InfoBuffer;
// For rename or link operations. If InfoBuffer->FileName contains a fully qualified file name, or if InfoBuffer->RootDirectory is non-NULL,
// this member is a file object pointer for the parent directory of the file that is the target of the operation. Otherwise it is NULL.
if (Iopb->Parameters.SetFileInformation.ParentOfTarget == NULL) {
FLT_FILE_NAME_INFORMATION *pTargetFileNameInfo = NULL;
if (FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &pTargetFileNameInfo) != STATUS_SUCCESS)
{
status = STATUS_ACCESS_DENIED; // if we can't get the name, just disallow the call
}
else
{
// if the file is to be created in the same directory as the original file, we check if the original file is in a sandboxed location
if(!Box_IsBoxedPath(proc->box, file, &pTargetFileNameInfo->Name)) {
status = STATUS_ACCESS_DENIED;
}
}
if (pTargetFileNameInfo != NULL) {
FltReleaseFileNameInformation(pTargetFileNameInfo);
}
}
else if(!Box_IsBoxedPath(proc->box, file, &Iopb->Parameters.SetFileInformation.ParentOfTarget->FileName)) {
status = STATUS_ACCESS_DENIED;
goto finish;
}
}
else {
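Review bot: In the new `ParentOfTarget == NULL` branch of File_PreOperation a denied link sets `status = STATUS_ACCESS_DENIED` but, unlike the `else if` branch directly below it, does not `goto finish`, so control continues past the check; if anything after the if/else reassigns `status` the denial is lost — after the FltReleaseFileNameInformation block add `if (status == STATUS_ACCESS_DENIED) goto finish;`. Note that `FltGetFileNameInformation(Data, ...)` yields the name of the file being linked, not of the link target; that is a sound proxy only because a NULL ParentOfTarget implies a target name relative to the same directory, and the comment should say so explicitly. The `!= STATUS_SUCCESS` test is better written `!NT_SUCCESS(...)` to match the rest of the driver. Replacing `SB_FileRenameInformationEx` with `FileRenameInformationEx`/`FileLinkInformationEx` makes the build depend on a WDK whose wdm.h defines both; File_PreOperation starts and ends outside the hunk.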


@ -1508,7 +1508,7 @@ _FX ULONG_PTR Gui_NtUserSetWindowsHookEx(
if (HookType == WH_JOURNALRECORD || HookType == WH_JOURNALPLAYBACK ||
HookType == WH_KEYBOARD_LL || HookType == WH_MOUSE_LL) {
// MSDN explictly says these hooks are NOT injected into the target
// MSDN explicitly says these hooks are NOT injected into the target
status = STATUS_SUCCESS;


@ -102,6 +102,7 @@ static const WCHAR *Ipc_Mutant_TypeName = L"Mutant";
static const WCHAR *Ipc_Semaphore_TypeName = L"Semaphore";
static const WCHAR *Ipc_Section_TypeName = L"Section";
static const WCHAR *Ipc_JobObject_TypeName = L"JobObject";
static const WCHAR *Ipc_SymLink_TypeName = L"SymbolicLinkObject";
//---------------------------------------------------------------------------
@ -137,6 +138,9 @@ _FX BOOLEAN Ipc_Init(void)
if (! Ipc_Init_Type(Ipc_JobObject_TypeName, Ipc_CheckJobObject))
return FALSE;
if (! Ipc_Init_Type(Ipc_SymLink_TypeName, Ipc_CheckGenericObject))
return FALSE;
//
// set object open handlers for port objects
//
@ -702,7 +706,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
// read-only paths
//
ok = Process_GetPaths(proc, &proc->read_ipc_paths, _ReadPath, TRUE);
ok = Process_GetPaths(proc, &proc->read_ipc_paths, _ReadPath, FALSE);
if (ok) {
@ -724,6 +728,9 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
proc->ipc_warn_startrun = Conf_Get_Boolean(
proc->box->name, L"NotifyStartRunAccessDenied", 0, TRUE);
proc->ipc_warn_open_proc = Conf_Get_Boolean(
proc->box->name, L"NotifyProcessAccessDenied", 0, FALSE);
//
// block password
//
@ -1138,7 +1145,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
HANDLE SourceHandle;
HANDLE TargetProcessHandle;
HANDLE *TargetHandle;
HANDLE TestHandle;
HANDLE DuplicatedHandle;
ULONG DesiredAccess;
ULONG HandleAttributes;
ULONG Options;
@ -1267,7 +1274,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
//
// we duplicate the handle into kernel space such that that user
// wont be able to grab it while we are evaluaiting it
// won't be able to grab it while we are evaluaiting it
//
HANDLE SourceProcessKernelHandle;
@ -1279,20 +1286,20 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
//
// driver verifier wants us to provide a kernel handle as process handles
// but the source handle must be a user handle and the ZwDuplicateObject
// function creates an otehr user handle hence NtClose
// function creates another user handle hence NtClose
//
status = ZwDuplicateObject(
SourceProcessKernelHandle, SourceHandle,
TargetProcessKernelHandle, &TestHandle,
TargetProcessKernelHandle, &DuplicatedHandle,
DesiredAccess, HandleAttributes,
Options & ~DUPLICATE_CLOSE_SOURCE);
if (NT_SUCCESS(status)) {
status = Ipc_CheckObjectName(TestHandle, UserMode);
status = Ipc_CheckObjectName(DuplicatedHandle, UserMode);
NtClose(TestHandle);
NtClose(DuplicatedHandle);
}
ZwClose(SourceProcessKernelHandle);
@ -1307,10 +1314,12 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
if (NT_SUCCESS(status)) {
status = NtDuplicateObject(
status = ZwDuplicateObject(
SourceProcessHandle, SourceHandle,
TargetProcessHandle, TargetHandle,
TargetProcessHandle, &DuplicatedHandle,
DesiredAccess, HandleAttributes, Options);
*TargetHandle = DuplicatedHandle;
}
//
@ -1767,4 +1776,4 @@ _FX void Ipc_Unload(void)
{
if (Ipc_Dynamic_Ports.pPortLock)
Mem_FreeLockResource(&Ipc_Dynamic_Ports.pPortLock);
}
}
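Review bot: The final duplication in Ipc_Api_DuplicateObject now writes its result with `*TargetHandle = DuplicatedHandle;`, a plain store through a pointer that the previous `NtDuplicateObject` call received as a user-mode argument; unless TargetHandle is probed earlier in the function (its start is outside the hunk), this store needs `ProbeForWrite` inside `__try`/`__except`, and on a faulting write the freshly duplicated handle should be closed rather than leaked in the target process. Switching from NtDuplicateObject to ZwDuplicateObject also makes the previous mode kernel, so the caller-supplied `HandleAttributes` should have `OBJ_KERNEL_HANDLE` cleared before the call, or a user could obtain a handle in the kernel handle table. The `TestHandle` to `DuplicatedHandle` rename reads well; the context comment above it still says `evaluaiting`.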


@ -346,7 +346,7 @@ _FX BOOLEAN Ipc_Filter_Lsa_Ep_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Msg: %02X", (ULONG)uMsg);
Log_Debug_Msg(mon_type, L"\\RPC Control\\LSARPC_ENDPOINT", msg_str);
Log_Debug_Msg(mon_type, msg_str, L"\\RPC Control\\LSARPC_ENDPOINT");
}
}


@ -260,7 +260,7 @@ _FX NTSTATUS Ipc_CheckPortRequest(
{
WCHAR msg_str[256];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"CheckPortRequest, Status <%08X> on Port <%*.*s>\n", status, Name->Name.Length / sizeof(WCHAR), Name->Name.Length / sizeof(WCHAR), Name->Name.Buffer);
Log_Debug_Msg(MONITOR_IPC, msg_str, NULL);
Log_Debug_Msg(MONITOR_IPC, msg_str, Driver_Empty);
}*/
//


@ -181,7 +181,7 @@ _FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Msg: %02X", (ULONG)uMsg);
Log_Debug_Msg(mon_type, L"\\RPC Control\\samss lpc", msg_str);
Log_Debug_Msg(mon_type, msg_str, L"\\RPC Control\\samss lpc");
}
}


@ -312,7 +312,7 @@ _FX BOOLEAN Ipc_Filter_Spooler_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Msg: %02X", (ULONG)uMsg);
Log_Debug_Msg(mon_type, L"\\RPC Control\\spoolss", msg_str);
Log_Debug_Msg(mon_type, msg_str, L"\\RPC Control\\spoolss");
}
}


@ -241,6 +241,9 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
#ifdef USE_MATCH_PATH_EX
static const WCHAR *normalpaths[] = {
L"HKEY_LOCAL_MACHINE\\*",
//L"HKEY_CURRENT_USER\\software\\Microsoft\\*",
//L"HKEY_CURRENT_USER\\software\\WOW6432Node\\Microsoft\\*",
//L"\\REGISTRY\\USER\\*_Classes\\*",
NULL
};
#endif
@ -927,7 +930,7 @@ _FX BOOLEAN Key_MountHive3(
InitializeObjectAttributes(&objattrs,
&uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
// ZwLoadKey can fail with device path if current process' devicemap is null
// ZwLoadKey can fail with device path if current process's devicemap is null
// One workaround is to call ObOpenObjectByName and it will trigger devicemap
// to be initialized. Note, Using C: is not necessary. The disk volume doesn't
// need to be there.L"\\??\\A:" works in the tests.
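Review bot: The three entries added to `normalpaths` in Key_InitProcess are commented out with no explanation, which leaves the reader guessing whether they are planned, rejected or broken; either drop them or precede them with a why-comment such as `// candidates for normal-path treatment, not yet enabled — TODO decide`. Commented-out code in a default rule table tends to rot silently.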


@ -335,13 +335,13 @@ _FX void Log_Status_Ex_Process(
//---------------------------------------------------------------------------
_FX void Log_Debug_Msg(ULONG type, const WCHAR *string1, const WCHAR *string2)
_FX void Log_Debug_Msg(ULONG type, const WCHAR *message, const WCHAR *name)
{
//DbgPrint("(%06d) SBIE %S %S\n",
// PsGetCurrentProcessId(), string1, string2);
// PsGetCurrentProcessId(), message, name);
if (Session_MonitorCount) {
const WCHAR* strings[4] = { string1, string2 ? L" " : NULL, string2, NULL };
const WCHAR* strings[3] = { name, message, NULL };
Session_MonitorPutEx(type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}
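Review bot: With the new `strings[3] = { name, message, NULL }` in Log_Debug_Msg, a NULL `name` terminates the array at index 0 and the message never reaches Session_MonitorPutEx, whereas the old ordering at least logged string1. Callers elsewhere in this commit were changed from `NULL` to `Driver_Empty` to cope; it is safer to normalise here, `const WCHAR* strings[3] = { name ? name : Driver_Empty, message, NULL };` (assuming Driver_Empty is visible in log.c as it is in the other driver files). The separating space the old code inserted is gone, so if Session_MonitorPutEx does not join its strings itself, name and message now run together. The prototype in log.h should document the new contract, e.g. `// name: monitored object name (Driver_Empty when none), message: free text`.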


@ -172,7 +172,7 @@ void Log_Status_Ex_Process(
#define Log_Status(error_code,error_subcode,ntstatus) \
Log_Status_Ex(error_code, error_subcode, ntstatus, NULL)
void Log_Debug_Msg(ULONG type, const WCHAR *string1, const WCHAR *string2);
void Log_Debug_Msg(ULONG type, const WCHAR *message, const WCHAR *name);
//---------------------------------------------------------------------------


@ -141,7 +141,7 @@ CHAR* log_buffer_get_next(LOG_BUFFER_SEQ_T seq_number, LOG_BUFFER* ptr_buffer)
}
if (ptr_buffer->buffer_used != 0)
return ptr_buffer->buffer_start_ptr; // we havn't found the next entry and we have entries, so return the first entry
return ptr_buffer->buffer_start_ptr; // we haven't found the next entry and we have entries, so return the first entry
return NULL; // the buffer is apparently empty, return NULL
}


@ -1015,7 +1015,7 @@ typedef struct _FLT_CONTEXT_REGISTRATION {
// allocation of that entry.
//
// NOTE: These fields are ignored if Allocate & Free routines are
// specifed.
// specified.
//
SIZE_T Size;
@ -1371,7 +1371,7 @@ typedef ULONG FLT_FILE_NAME_OPTIONS;
//
// This flag is to be used by name provider filters to specify that a name
// query request they are making should be redirected to their filter rather
// than being satified by the name providers lower in the stack.
// than being satisfied by the name providers lower in the stack.
//
#define FLT_FILE_NAME_REQUEST_FROM_CURRENT_PROVIDER 0x01000000


@ -172,10 +172,10 @@ _FX BOOLEAN Obj_Init(void)
//
Obj_ObjectTypes = Mem_AllocEx(
Driver_Pool, sizeof(POBJECT_TYPE) * 9, TRUE);
Driver_Pool, sizeof(POBJECT_TYPE) * 10, TRUE);
if (! Obj_ObjectTypes)
return FALSE;
memzero(Obj_ObjectTypes, sizeof(POBJECT_TYPE) * 9);
memzero(Obj_ObjectTypes, sizeof(POBJECT_TYPE) * 10);
if (! Obj_AddObjectType(L"Job")) // PsJobType
return FALSE;
@ -197,6 +197,8 @@ _FX BOOLEAN Obj_Init(void)
if (! Obj_AddObjectType(L"ALPC Port")) // AlpcPortObjectType - not exported
return FALSE;
}
if (! Obj_AddObjectType(L"SymbolicLink")) // ObpSymbolicLinkObjectType - not exported
return FALSE;
//DbgPrint("JobObject; Known: %p; Found: %p\r\n", *PsJobType, Obj_ObjectTypes[0]);
@ -776,4 +778,4 @@ _FX BOOLEAN Obj_AddObjectType(const WCHAR *TypeName)
Obj_ObjectTypes[i] = object;
return TRUE;
}
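Review bot: The object-type table size appears as the bare literal `10` twice in Obj_Init (the Mem_AllocEx and the memzero) and must be bumped by hand whenever an Obj_AddObjectType call is added, which is exactly what this hunk had to do. Name it once, `enum { OBJ_MAX_OBJECT_TYPES = 10 };`, use it in both expressions, and have Obj_AddObjectType refuse to store past it (its body starts outside the hunk, so I cannot see whether `i` is bounded). That turns a future miscount from a silent pool overrun into a failed init.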
}


@ -225,7 +225,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
InitialDesiredAccess = *DesiredAccess;
//
// Based on the object type apply the apropriate filter
// Based on the object type apply the appropriate filter
//
if (PreInfo->ObjectType == *PsProcessType) {
@ -240,7 +240,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
goto Exit;
PEPROCESS ProcessObject = (PEPROCESS)PreInfo->Object;
if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, TRUE))) {
if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, TRUE, TRUE))) {
#ifdef DRV_BREAKOUT
//
@ -299,7 +299,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
goto Exit;
PEPROCESS ProcessObject = PsGetThreadProcess((PETHREAD)PreInfo->Object);
if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, FALSE))) {
if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, FALSE, TRUE))) {
*DesiredAccess = 0; // deny any access
}
//ObjectTypeName = L"PsThreadType";
@ -323,4 +323,4 @@ Exit:
//_FX VOID Obj_PostOperationCallback(
// _In_ PVOID RegistrationContext, _In_ POB_POST_OPERATION_INFORMATION PostInfo)
//{
//}
//}


@ -543,7 +543,7 @@ _FX void Process_CreateTerminated(HANDLE ProcessId, ULONG SessionId)
PROCESS *proc;
KIRQL irql;
if (SessionId != -1) { // for StartRunAlertDenied, dont log in this case
if (SessionId != -1) { // for StartRunAlertDenied, don't log in this case
pid_str.Length = 10 * sizeof(WCHAR);
pid_str.MaximumLength = pid_str.Length + sizeof(WCHAR);
@ -742,20 +742,27 @@ _FX PROCESS *Process_Create(
//
if (!Driver_Certified && !proc->image_sbie) {
if (
#ifdef USE_MATCH_PATH_EX
proc->use_rule_specificity ||
proc->use_privacy_mode ||
#endif
proc->bAppCompartment) {
Log_Msg_Process(MSG_6004, proc->box->name, proc->image_name, box->session_id, proc->pid);
const WCHAR* exclusive_setting = NULL;
#ifdef USE_MATCH_PATH_EX
if (proc->use_rule_specificity)
exclusive_setting = L"UseRuleSpecificity";
else if (proc->use_privacy_mode)
exclusive_setting = L"UsePrivacyMode";
else
#endif
if (proc->bAppCompartment)
exclusive_setting = L"NoSecurityIsolation";
if (exclusive_setting) {
Log_Msg_Process(MSG_6004, proc->box->name, exclusive_setting, box->session_id, proc->pid);
//Pool_Delete(pool);
//Process_CreateTerminated(ProcessId, box->session_id);
//return NULL;
// allow the process to run for a sort while to allow the features to be avaluated
// allow the process to run for a sort while to allow the features to be evaluated
Process_ScheduleKill(proc, 5*60*1000); // 5 minutes
}
}
@ -905,7 +912,7 @@ _FX void Process_NotifyProcess(
if (Create) {
//
// it is possible to specify the parrent process when calling RtlCreateUserProcess
// it is possible to specify the parent process when calling RtlCreateUserProcess
// this is for example done by the appinfo service running under svchost.exe
// to start LocalBridge.exe with RuntimeBroker.exe as parent
// hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead
@ -992,7 +999,7 @@ _FX void Process_NotifyProcessEx(
if (CreateInfo != NULL) {
//
// it is possible to specify the parrent process when calling RtlCreateUserProcess
// it is possible to specify the parent process when calling RtlCreateUserProcess
// this is for example done by the appinfo service running under svchost.exe
// to start LocalBridge.exe with RuntimeBroker.exe as parent
// hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead
@ -1086,7 +1093,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
// there are a couple of scenarios here
// a. CallerId == ParentId boring, all's fine
// b. Caller is sandboxed designated Parent is NOT sandboxed,
// possible sandbox escape atempt
// possible sandbox escape attempt
// c. Caller is not sandboxed, designated Parent IS sandboxed,
// service trying to start something on the behalf of a sandboxed process
// eg. seclogon reacting to a runas request
@ -1174,13 +1181,13 @@ _FX BOOLEAN Process_NotifyProcess_Create(
if (box && Process_IsBreakoutProcess(box, ImagePath)) {
if(!Driver_Certified)
Log_Msg_Process(MSG_6004, box->name, NULL, box->session_id, CallerId);
Log_Msg_Process(MSG_6004, box->name, L"BreakoutProcess", box->session_id, CallerId);
else {
UNICODE_STRING image_uni;
RtlInitUnicodeString(&image_uni, ImagePath);
if (!Box_IsBoxedPath(box, file, &image_uni)) {
check_forced_program = TRUE; // the break out process of one box may be the forced process of an otehr
check_forced_program = TRUE; // the breakout process of one box may be the forced process of another
breakout_box = box;
box = NULL;
}
@ -1337,8 +1344,8 @@ _FX BOOLEAN Process_NotifyProcess_Create(
else if (Driver_OsVersion >= DRIVER_WINDOWS_8) {
//
// on windows 8 and later we can have nested jobs so asigning a
// boxed job to a process will not interfear with the job assigned by SbieSvc
// on windows 8 and later we can have nested jobs so assigning a
// boxed job to a process will not interfere with the job assigned by SbieSvc
//
new_proc->can_use_jobs = Conf_Get_Boolean(new_proc->box->name, L"AllowBoxedJobs", 0, FALSE);
@ -1616,11 +1623,11 @@ _FX void Process_NotifyImage(
void Process_SetTerminated(PROCESS *proc, ULONG reason)
{
//
// This function markes a process for termination, this causes File_PreOperation
// This function marks a process for termination, this causes File_PreOperation
// and Key_Callback to return STATUS_PROCESS_IS_TERMINATING which prevents
// the process form accessing the file system and the registry
//
// Note: if this is set during process creation the process wont be able to start at all
// Note: if this is set during process creation the process won't be able to start at all
//
if (!proc->terminated)
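Review bot: In Process_Create the new `exclusive_setting` chain places a bare `else` immediately before `#endif`, so the `if (proc->bAppCompartment)` that follows binds to it only when USE_MATCH_PATH_EX is defined; the behaviour is as intended, but an `else` whose partner lives across a preprocessor boundary is easy to break on the next edit. Dropping that `else` and writing `if (!exclusive_setting && proc->bAppCompartment)` keeps the control flow visible in both configurations. Process_Create starts and ends outside the hunk.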


@ -192,6 +192,7 @@ struct _PROCESS {
ULONG ipc_trace;
BOOLEAN disable_object_flt;
BOOLEAN ipc_warn_startrun;
BOOLEAN ipc_warn_open_proc;
BOOLEAN ipc_block_password;
BOOLEAN ipc_open_lsa_endpoint;
BOOLEAN ipc_open_sam_endpoint;
@ -324,7 +325,7 @@ ULONG Process_MatchPathEx(
LIST *read_list, LIST *write_list,
const WCHAR** patsrc);
// Process_GetConf: retrives a configuration data value for a given process
// Process_GetConf: retrieves a configuration data value for a given process
// use with Conf_AdjustUseCount to make sure the returned pointer is valid
const WCHAR* Process_GetConf(PROCESS* proc, const WCHAR* setting);


@ -83,7 +83,7 @@ _FX NTSTATUS Process_Api_Start(PROCESS *proc, ULONG64 *parms)
if (user_box_parm < 0) {
//
// if paramter is negative, it specifies the pid number for a
// if parameter is negative, it specifies the pid number for a
// process, from which we copy the box information, including
// SID and session
//
@ -947,7 +947,7 @@ _FX NTSTATUS Process_Enumerate(
#ifdef USE_PROCESS_MAP
//
// quick shortcut for global count retrival
// quick shortcut for global count retrieval
//
if (pids == NULL && (! boxname[0]) && all_sessions) { // no pids, all boxes, all sessions


@ -284,7 +284,7 @@ _FX BOX *Process_GetForcedStartBox(
}
//
// check if proces should be injected
// check if process should be injected
//
if ((! box) && (alert != 1) && pHostInject != NULL) {


@ -445,7 +445,7 @@ _FX BOOLEAN Process_GetPaths(
if (closed && (*value == L'!')) {
// dont close paths for sbie components
// don't close paths for sbie components
if (closed_ipc && proc->image_sbie)
continue;
@ -878,7 +878,7 @@ _FX int Process_MatchPathList(
level = cur_level;
if (patsrc) *patsrc = Pattern_Source(pat);
// we need to test all entries to find the best match, so we dont break here
// we need to test all entries to find the best match, so we don't break here
}
//
@ -990,7 +990,7 @@ _FX ULONG Process_MatchPathEx(
// and read access to user data must be explicityl grated,
// also all writes are redirected to the sandbox
//
// To enable privacy enchanced mode add UsePrivacyMode=y
// To enable privacy enhanced mode add UsePrivacyMode=y
//
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
@ -1016,7 +1016,7 @@ _FX ULONG Process_MatchPathEx(
//
// write path list, behaved on the driver side like closed path list
// these paths allow read acces to true location and read/write access to copy location
// these paths allow read access to true location and read/write access to copy location
//
if (write_list) {
@ -1034,7 +1034,7 @@ _FX ULONG Process_MatchPathEx(
//
// read path list behaves in the kernel like the default normal behavioure
// these paths allow read only acces to true path and copy locations
// these paths allow read only access to true path and copy locations
//
if (read_list) {
@ -1064,7 +1064,7 @@ _FX ULONG Process_MatchPathEx(
if (patsrc) *patsrc = curpat;
mp_flags = TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG;
// dont goto finish as open can overwrite this
// don't goto finish as open can overwrite this
}
}
@ -1204,7 +1204,7 @@ _FX BOOLEAN Process_CheckProcessName(
const WCHAR *src = Pattern_Source(pat);
pat = List_Next(pat);
if (wcslen(src) > 3 && src[0] == L'$' && src[1] == L':') {
if (wcslen(src) >= 3 && src[0] == L'$' && src[1] == L':') {
if (! nptr) {
Process_GetProcessName(
@ -1212,7 +1212,7 @@ _FX BOOLEAN Process_CheckProcessName(
if (! nptr)
break;
}
if (_wcsicmp(nptr, src + 2) == 0) {
if (_wcsicmp(nptr, src + 2) == 0 || (src[2] == L'*' && src[3] == L'\0')) { // "$:*" is permitted
result = TRUE;
if (pSetting)
*pSetting = src;
@ -1530,7 +1530,7 @@ _FX BOOLEAN Process_ScheduleKill(PROCESS *proc, LONG delay_ms)
if (proc->reason == 0)
RtlStringCbPrintfW(text, len, L"%s", proc->image_name);
else if (proc->reason != -1) // in this case we have SBIE1308 and dont want any other messages
else if (proc->reason != -1) // in this case we have SBIE1308 and don't want any other messages
RtlStringCbPrintfW(text, len, L"%s [%d]", proc->image_name, proc->reason);
else
*text = 0;
@ -1544,4 +1544,4 @@ _FX BOOLEAN Process_ScheduleKill(PROCESS *proc, LONG delay_ms)
return TRUE;
}
return FALSE;
}
}
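Review bot: In Process_CheckProcessName the new `$:*` wildcard test is evaluated only after `_wcsicmp(nptr, src + 2)`, so the loop still performs the Process_GetProcessName lookup before discovering that no name is needed; computing `BOOLEAN any_name = (src[2] == L'*' && src[3] == L'\0');` right after the `$:` test and short-circuiting on it before the `nptr` lookup avoids that. The relaxation to `>= 3` is what makes `src[3]` safe to read, so a comment tying the two together would help: `// len >= 3 guarantees src[2] exists and src[3] is at worst the terminator`. Since `$:*` now matches every process, any rule list that accepts the token applies to all processes in the box — worth stating where the `$:` syntax is documented.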
